high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 24 April 2005 14:55:09 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Wurmark-I is a mass-mailing worm.
W32/Wurmark-I emails itself as a ZIP file attachment.zip. When run, W32/Wurmark-I attempts to connect to a website to display a picture.
The email messages that the worm generates have the following subject lines:
Hehehe LOL!!
email me back hehe...
Your Photo Is On A Webpage!!
Hey Rate My Pic Plz...
Someone Admire's You!
Hey Hows it Goin ?
W32/Wurmark-I harvests email addresses from files with the extensions WAB, ADB, TBB, DBX, ASP, PHP, HTM, HTML and SHT and also tries to spread via Instant Messenger and to computers vulnerable to the LSASS exploit MS04-011. W32/Wurmark-I is a mass-mailing worm.
W32/Wurmark-I emails itself as a ZIP file attachment.zip. When run, W32/Wurmark-I attempts to connect to a website to display a picture.
W32/Wurmark-I harvests email addresses from files with the extensions WAB, ADB, TBB, DBX, ASP, PHP, HTM, HTML and SHT and also tries to spread via Instant Messenger and to computers vulnerable to the LSASS exploit MS04-011.
W32/Wurmark-I copies itself to the Windows system folder and drops the worm W32/Rbot-ABC at the same time. W32/Wurmark-I also creates two clean files named ansmtp.dll and bszip.dll.
The email messages that the worm generates have the following characteristics:
Subject lines:
Hehehe LOL!!
email me back hehe...
Your Photo Is On A Webpage!!
Hey Rate My Pic Plz...
Someone Admire's You!
Hey Hows it Goin ?
Message text:
i just saw this on my computer from a while ago
download it and see if you can remember :)
lol i was lauging like crazy when i saw! :D
I was viewwing this website and came across
a picture they look just like you! infact im sure
it is haha , did you email this pic into them ? or
is it someonce elses that looks like you :S ? pic is attached
in zip file so downloaded it and see and email me back
Hi ive sent 4 emails now & nobody will rate
my photo! :( please download and tell me your opinion
rated out of 10 , its ok if you dont like it
just say i wont be offended p.s i was drunk when
it was taken haha :)
Someone has asked us on there behalf to send
you this email and tell you they think you are
Amazing!! All the The secret persons details
you need are enclosed in the attachment :)
please download and respond telling us if you
would like to make further contact with this
person.
Regards Hallmark Admirer Mail Admin.
Attachment filenames (within the ZIP file):
IMG_001.scr
Photo_01.pif
admirer_005.scr
Lover_01.scr
love_04.scr
Your_pic.scr
Just_For_You.pif
Sexy_02.scr
Scanned_03.scr
W32/Wurmark-I blocks access to a number of system utilities by creating a set of companion dummy files with file extension COM in the system folder. The worm creates the following files:
cmd.com
netstat.com
ping.com
regedit.com
taskkill.com
tasklist.com
tracert.com
|
