Threat Encyclopedia

Virus, spyware, worms and other threat descriptions

Win32/ExploreZip

This Trojan worm spreads by e-mail as an attachment to a message with the following contents:

I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.

The salutation and greeting are chosen from several variants and completed with the names of the addressee and sender. A file named zipped_files.exe is attached to the message. When the attachment is run, a warning about a damaged archive may appear, depending on configuration. The Trojan then copies itself (under the name explore.exe or _setup.exe) into the Windows or Windows\System directory (System32 on Windows NT) and modifies the WIN.INI file (Windows 95/98) or the registry (Windows NT), which ensures that the worm is activated at every start of the system. If the worm finds a personal mailbox, it uses MAPI to send reply e-mails containing the above-mentioned text together with the attached file.

The worm also performs a destructive action: it goes through all disks (from C: to Z:) and looks for files with the extensions .H (header files), .C (C source files), .CPP (C++ source files), .ASM (assembler source files), .DOC (Word documents), .XLS (Excel workbooks) and .PPT (PowerPoint presentations). It destroys these files by reducing their length to zero.
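The traces described above can be checked for during triage of a disk or a mounted image. The following Python sketch is an added example, not part of the original encyclopedia entry; the function names `scan` and `demo_on_constructed_tree`, the sample directory tree and the WIN.INI line are constructed for illustration.

```python
import os
import tempfile

# File names and extensions as listed in the description above.
COPY_NAMES = ("explore.exe", "_setup.exe")
KNOWN_NAMES = set(COPY_NAMES) | {"zipped_files.exe"}
TARGET_EXTS = {".h", ".c", ".cpp", ".asm", ".doc", ".xls", ".ppt"}


def scan(root):
    """Collect traces of the described behaviour under root (paths relative to root)."""
    hits = {"named_files": [], "zero_length": [], "winini_refs": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            lower = name.lower()
            if lower in KNOWN_NAMES:  # exact match: explorer.exe is not flagged
                hits["named_files"].append(rel)
            elif os.path.splitext(lower)[1] in TARGET_EXTS and os.path.getsize(path) == 0:
                hits["zero_length"].append(rel)  # emptied, or simply an empty file
            elif lower == "win.ini":
                with open(path, errors="replace") as fh:
                    for line in fh:
                        if any(n in line.lower() for n in COPY_NAMES):
                            hits["winini_refs"].append(line.strip())
    return {kind: sorted(found) for kind, found in hits.items()}


def demo_on_constructed_tree():
    """Scan a small tree built for this example; none of it is real data."""
    layout = {
        "Windows/System/Explore.exe": b"stand-in",
        "Windows/explorer.exe": b"stand-in",  # legitimate shell name
        # Constructed entry; the page does not quote the exact WIN.INI line.
        "Windows/WIN.INI": b"[windows]\nrun=C:\\WINDOWS\\SYSTEM\\Explore.exe\n",
        "src/main.c": b"",
        "src/util.h": b"#pragma once\n",
        "docs/report.DOC": b"",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan(root)
```

A zero-length file with one of the listed extensions is only a hint, since empty files also occur legitimately; the finding gains weight when it coincides with one of the named executables or a WIN.INI reference to it.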

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.