high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | June 2005 (3.94) |
| Protection available since | 9 May 2005 14:06:14 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Wurmark-K is a mass-mailing worm.
W32/Wurmark-K emails itself as a ZIP file. When run, W32/Wurmark-K displays a JPEG image of an albino gorilla while installing itself on the computer.
 |
| The image displayed by the Wurmark-K worm. |
W32/Wurmark-K harvests email addresses from the infected computer and drops another piece of malware detected as W32/Rbot-ABK.
Emails sent by the worm have the following characteristics:
Subject lines:
Hehehe LOL!!
Your Photo Is On A Webpage!!
Hey Rate My Pic Plz...
Someone admire's you!
Message text:
I just saw this on my computer from a while ago
download it and see if you can remember it
lol i was lauging like crazy when i saw it! :D
email me back hehe...
I was vieweing this website and came across
a picture they look just like you! infact im sure
it is haha , did you email this pic into them ? or
is it someonce else :S ? pic is attached
a zip so download it and check & email me back!
Hi ive sent 5 emails now and nobody will rate
my pic!! :( please download and tell me what you
think out of 10 , dont worry if you dont like it
just say i wont be offended p.s i was drunk when
it was taken :P
Someone has asked us on there behalf to send
you this email and tell you they think you are
wonderfull!!! All the The mystery persons details
you need are enclosed in the attachment :)
please download and respond telling us if you
would like to make further contact with this
person.
Regards Hallmark Admirer Mail Admin.
ZIP filename:
Download.zip
Attachment filenames within the ZIP:
Scanned_03.scr
Sexy_02.scr
IMG_001.scr
Admirer_005.scr
Photo_01.pif
Lover_01.scr
Your_Pic.scr
Just_For_You.pif
W32/Wurmark-K is a mass-mailing worm.
W32/Wurmark-K emails itself as a ZIP file. When run, W32/Wurmark-K displays a JPEG image of an albino gorilla while installing itself on the computer.
|
| The image displayed by the Wurmark-K worm. |
W32/Wurmark-K harvests email addresses from the infected computer and drops another piece of malware detected as W32/Rbot-ABK.
Emails sent by the worm have the following characteristics:
Subject lines:
Hehehe LOL!!
Your Photo Is On A Webpage!!
Hey Rate My Pic Plz...
Someone admire's you!
Message text:
I just saw this on my computer from a while ago
download it and see if you can remember it
lol i was lauging like crazy when i saw it! :D
email me back hehe...
I was vieweing this website and came across
a picture they look just like you! infact im sure
it is haha , did you email this pic into them ? or
is it someonce else :S ? pic is attached
a zip so download it and check & email me back!
Hi ive sent 5 emails now and nobody will rate
my pic!! :( please download and tell me what you
think out of 10 , dont worry if you dont like it
just say i wont be offended p.s i was drunk when
it was taken :P
Someone has asked us on there behalf to send
you this email and tell you they think you are
wonderfull!!! All the The mystery persons details
you need are enclosed in the attachment :)
please download and respond telling us if you
would like to make further contact with this
person.
Regards Hallmark Admirer Mail Admin.
ZIP filename:
Download.zip
Attachment filenames within the ZIP:
Scanned_03.scr
Sexy_02.scr
IMG_001.scr
Admirer_005.scr
Photo_01.pif
Lover_01.scr
Your_Pic.scr
Just_For_You.pif
W32/Wurmark-K copies itself to the Windows system folder as "xtc.tmp", creates the file "wini.exe" which is detected as W32/Rbot-ABK, and creates the clean DLL files "ansmtp.dll" and "bszip.dll".
W32/Wurmark-K will create junk files with the following names, overwriting the original files if these exist:
regedit.com
taskmgr.exe
tasklist.com
taskkill.com
netstat.com
tracert.com
ping.com
cmd.com
|
