Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 6 September 2005 21:15:16 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/Ahker-J is a mass-mailing worm that arrives in an email with the following characteristics:
From: chosen from:
- peter_parker@hotmail.com
- mariah_hillary@aol.com
- johnloke@msn.uk
- bazzi@microsoft.com
- sarah_alia@yahoo.com
- seniormanager@byblos.com
- michel_bado@gmail.com
- otacon@konami.jp
- majortom@fbi.gov
- hilton_britgette@ahker.lb
- billy@hacker.com
- agent@hacker.com
Subject: chosen from:
- Returned mail
- Delivery Error
- Status
- Server Report
- Mail Transaction Failed
- Mail Delivery System
- Do not reply to this email!
- Error
- FWD:Hello
- FWD:Hey
- There you go!
- Password Cracked!
Message body: chosen from:
sendmail daemon reported:
Error #804 occured during SMTP session. Partial message has been received.
Attachment: Message.Zip
Mail transaction failed. Partial message is available.
Attachment: Message.Zip
The message contains Unicode characters and has been sent as a binary attachment.
The message contains MIME-encoded graphics and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Your credit card was charged for $500 USD. For additional information see the attachment.
ESMTP [Secure Mail System #334]: Secure message is attached.
Encrypted message is available.
You have visited illegal websites!!
I have a big list of the websites you surfed.
Bad Gateway: The message has been attached.
There is the password you requested!
Hotmail Cracker Version 2.25 attached!
Attachment: Message.Zip
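A mail-gateway triage check for the email traits listed above, as an added example that is not part of the original Sophos description: it flags a message only when one of the listed subjects appears together with an attachment named Message.Zip. The function names, sample addresses and placeholder payload are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description above (compared case-insensitively).
SUBJECTS = {
    "returned mail", "delivery error", "status", "server report",
    "mail transaction failed", "mail delivery system",
    "do not reply to this email!", "error", "fwd:hello", "fwd:hey",
    "there you go!", "password cracked!",
}
ATTACHMENT = "message.zip"


def score_message(raw: bytes) -> dict:
    """Report which W32/Ahker-J email traits a raw message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    # walk() also covers a message whose only part is the attachment.
    names = {(part.get_filename() or "").strip().lower() for part in msg.walk()}
    hits = {"subject": subject in SUBJECTS, "attachment": ATTACHMENT in names}
    # Subjects such as "Status" or "Error" are common in legitimate mail, so
    # only the combination with the attachment name is treated as suspect.
    hits["suspect"] = hits["subject"] and hits["attachment"]
    return hits


def build_sample(subject, filename=None) -> bytes:
    """Constructed test message; addresses and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content("Mail transaction failed. Partial message is available.")
    if filename:
        m.add_attachment(b"placeholder, not a real archive",
                         maintype="application", subtype="octet-stream",
                         filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, name in [("Delivery Error", "Message.Zip"), ("Status", None),
                       ("Quarterly report", "Message.Zip")]:
        print(subj, name, score_message(build_sample(subj, name)))
```
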
W32/Ahker-J spreads by emailing itself to email addresses found on an infected computer.
When first run, W32/Ahker-J copies itself to <Windows folder>\Bazzi.exe.
In order to run automatically when Windows starts up, W32/Ahker-J sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft AntiSpyware
<Windows folder>\Bazzi.exe
W32/Ahker-J may download a version of mswinsck.ocx, Microsoft Windows' Winsock DLL, from a certain website in order to be able to run on the Windows 98 and Windows ME platforms.
W32/Ahker-J initiates a flooding attack against predefined websites, preventing access to them.
W32/Ahker-J may also disable the Download Accelerator Plus (DAP) download application.
