When Worms Attack

[wenwilder]

When Worms Attack - WORM_ATAK.A (Low Risk)
------------------------------------------------------------------------
WORM_ATAK.A is a worm that propagates via email, using its own Simple Mail
Transfer Protocol (SMTP) engine. It looks for email recipients in files with
specific extensions, in the infected computer. It runs on Windows 95, 98, ME,
NT, 2000, and XP.

Upon execution, this memory-resident worm drops a copy of itself as HINT.EXE
in the Windows system folder. This worm modifies the WIN.INI file and the
registry, to allow itself to automatically execute at every system startup.

Using its own SMTP (Simple Mail Transfer Protocol) engine to propagate via
email, the worm sends email with the following details:

From: (any of the following)
Andrew
george
kevin

Subject: (any of the following)
Important Data!
Read the Result!

Message body: Authorized Researcher Only.

Attachment: (any of the following)
A .zip
<3-7 random lower-case characters>.zip.

Using double extension names with many spaces in between them, the file
contained in the .ZIP attachment is made to appear as a picture file
(example: ABCD.GIF. EXE).

The worm obtains target recipients' email addresses from files with the
following extensions found in the local machine:

ADB
ASP
CFG
CGI
DBX
EML
HTM
HTM
JSP
LOG
MBX
MHT
MSG
NCH
ODS
PHP
PL
SHT
TBB
TXT
UIN
VBS
WAB
XML

If you would like to scan your computer for WORM_ATAK.A or thousands of
other worms, viruses, Trojans and malicious code, visit HouseCall, Trend
Micro's free, online virus scanner at: http://housecall.trendmicro.com/

For additional information about WORM_ATAK.A please visit: http://www.trendmicro.com/vinfo/viru...me=WORM_ATAK.A