W32/Zasran-A

Category:	Viruses and Spyware	Protection available since:	23 May 2006 00:00:00 (GMT)
Type:	Win32 worm	Last Updated:	23 May 2006 00:00:00 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Zasran-A is a worm for the Windows platform.

The worm downloads configuration data from a remote site that defines further behaviors.

W32/Zasran-A spreads via email. Email sent by W32/Zasran-A contains a message text written in German. W32/Zasran-A is a worm for the Windows platform.

The worm creates the file <System>\mszsrn32.dll (also detected as W32/Zasran-A) and injects code into the winlogon.exe process in an attempt to hide certain activity.

The worm downloads configuration data from a remote site that defines further behaviors.

W32/Zasran-A spreads via email. Email sent by W32/Zasran-A contains a message text written in German.

The worm avoids sending email to addresses containing the following:

berkeley
borland.com
bsd.it
contact
debian
drweb.
gnu.org
google
ibm.com
kaspersky
microsoft.com
php.net
postmaster
privacy
rating
register
secure
service
sophos
sun.com
support
webmaster

Attached files have the ZIP file extension with one of the following randomly chosen base names:

Abbild-Der-Rechnung
Anhang
Anhang-Tickets
archiv
Auszahlungen
bank-kontoauszuge
Desktop
Kontoauszug
Neuer Ordner
New Folder
Postbank
Postbank-Ueberweisungen
Rechnung
Rechnung-Anhang
Tickets
Ueberweisung
Weltmeisterschaft
WM-Anhang
WM-Tickets

Try Sophos products for free
Download now

W32/Zasran-A

Free Mac Anti-Virus

Popular topics