PDA

View Full Version : Mass mailing worm


caleb_yee
26-08-03, 17:06
W32.Zush@mm is a mass-mailing worm that sends itself to all the addresses in the Microsoft Outlook Address Book.

W32.Zush@mm copies itself to %System%\Setup32.exe, and then sends email to all the contacts it finds in the Microsoft Address Book.

The email has the following characteristics:

Subject: Vazna informacija!
Body:
Hi! I Missed you so much!
I was on holiday last week so please take a look at my image collection!

or:

Zdravo!
Ako imas vremena, molim te pogledaj ovaj program peticije!
Nadamo se tvom glasu!

or:

Postovani korisnici!
Na Internetu se pojavio veoma opasan crv koji se vec prosirio i na nase prostore!
Da bi zaustavili crva, molimo da instalirate ovaj patch za MS Internet Explorer!
Unaprijed se zahvaljujemo,
Bih.net.ba Team

or:

Hej jarane!
Mi smo jedna programerska grupa koja se bavi programiranjem u VB-u, C++-u, itd.
Saljemo ti email, ako zelis da nam se pridruzis u zajednickom radu na jednom velikom projektu
na kojem sada radimo, a tice se malog biznisa!
Za vise informacija oko tog projekta pogledaj fin. program koji ti saljemo!
Hvala unaprijed!

Attachment: Setup32.exe

NOTE: %System% is a variable. The worm locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

to kill it...
1.Disable System Restore (Windows Me/XP).
2.Update the virus definitions.
3.Run a full system scan and delete all the files detected as W32.Zush@mm.

No jokes guys...keep ya pc alive.