Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | July 2006 (4.07) |
| Protection available since | 24 May 2006 00:59:30 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/Zasran-A is a worm for the Windows platform.
The worm creates the file <System>\mszsrn32.dll (also detected as W32/Zasran-A) and injects code into the winlogon.exe process in an attempt to hide certain activity.
The worm downloads configuration data from a remote site that defines further behaviors.
W32/Zasran-A spreads via email. Email sent by W32/Zasran-A contains a message text written in German.
The worm avoids sending email to addresses containing the following:
berkeley
borland.com
bsd.it
contact
debian
drweb.
gnu.org
google
ibm.com
kaspersky
microsoft.com
php.net
postmaster
privacy
rating
register
secure
service
sophos
sun.com
support
webmaster
Attached files have the ZIP file extension with one of the following randomly chosen base names:
Abbild-Der-Rechnung
Anhang
Anhang-Tickets
archiv
Auszahlungen
bank-kontoauszuge
Desktop
Kontoauszug
Neuer Ordner
New Folder
Postbank
Postbank-Ueberweisungen
Rechnung
Rechnung-Anhang
Tickets
Ueberweisung
Weltmeisterschaft
WM-Anhang
WM-Tickets
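
A mail-gateway triage check for the attachment names listed above, as an added example that is not part of the original Sophos description. The function names, the constructed sample messages and the case-insensitive comparison are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Base names listed on this page for W32/Zasran-A ZIP attachments.
ZASRAN_BASE_NAMES = frozenset(n.casefold() for n in (
    "Abbild-Der-Rechnung", "Anhang", "Anhang-Tickets", "archiv",
    "Auszahlungen", "bank-kontoauszuge", "Desktop", "Kontoauszug",
    "Neuer Ordner", "New Folder", "Postbank", "Postbank-Ueberweisungen",
    "Rechnung", "Rechnung-Anhang", "Tickets", "Ueberweisung",
    "Weltmeisterschaft", "WM-Anhang", "WM-Tickets",
))

def suspicious_attachments(raw: bytes) -> list[str]:
    """Return attachment filenames of the form <listed base name>.zip."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        # Drop any path component the sender put in the filename.
        leaf = PureWindowsPath(name).name
        stem, dot, ext = leaf.rpartition(".")
        # Assumption: compare case-insensitively so trivial case changes
        # in the name or extension do not evade the check.
        if dot and ext.casefold() == "zip" and stem.casefold() in ZASRAN_BASE_NAMES:
            hits.append(leaf)
    # Several names (Desktop, archiv, New Folder) are generic, so a hit is a
    # signal to quarantine and scan the attachment, not a verdict by itself.
    return hits

def sample_message(filename: str) -> bytes:
    """Build a constructed test message carrying one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Constructed sample"
    m.set_content("Constructed sample body.")
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("WM-Tickets.zip", "neuer ordner.ZIP", "report.zip", "Rechnung.pdf"):
        print(fn, "->", suspicious_attachments(sample_message(fn)))
```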
