✔ Best answer
Malware type: Worm
Widespread: Yes
Destructive: No
Language: English
Platform: Windows NT, 2000, XP, Server 2003
Encrypted: No
Overall risk rating: Low
Reported infections: Low
Damage potential: High
Distribution potential: High
Description:
This worm propagates by sending a copy of itself as an attachment to email messages, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. The said SMTP engine improves the propagation method of this worm since it is able to easily send email messages even without using other mailing applications, such as Microsoft Outlook.
It gathers target addresses from the Windows Address Book. Except for the file name Update-KB{random numbers}-x86, which always uses the .EXE extension, this worm uses double extension names in the attached file (example: BODY.DOC.BAT, DATA.ELM.EXE). The said method of naming tricks the user into thinking that the file is non-malicious.
It connects to the following URLs to download possibly malicious files:
http://{BLOCKED}nfushijinkertiondase.com:80/chr/817/s.exe
http://{BLOCKED}nfushijinkertiondase.com/chr/817/s.exe
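
A mail-gateway style check for the attachment naming described in the answer above, as an added example that is not part of the original answer or the vendor's description. The executable-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Final extensions Windows runs directly (assumed list; extend per local policy).
EXECUTABLE_EXTS = {"exe", "bat", "cmd", "com", "pif", "scr"}
# The one name the description says always uses a single .EXE extension.
UPDATE_LURE = re.compile(r"^update-kb\d+-x86\.exe$", re.IGNORECASE)

def classify_attachment(filename):
    """Return a reason string if the name matches the described naming, else None."""
    name = filename.strip().rstrip(". ")  # Windows ignores trailing dots and spaces
    if UPDATE_LURE.match(name):
        return "fake-update-name"
    parts = name.lower().split(".")
    # stem + short decoy extension + executable extension, e.g. BODY.DOC.BAT
    decoy_ok = len(parts) >= 3 and parts[-2].isalnum() and len(parts[-2]) <= 4
    if decoy_ok and parts[-1] in EXECUTABLE_EXTS:
        return "double-extension"
    return None

def scan_message(raw):
    """Parse an RFC 5322 message; return [(filename, reason)] for flagged parts."""
    hits = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        reason = classify_attachment(filename) if filename else None
        if reason:
            hits.append((filename, reason))
    return hits

def build_sample(names):
    """Constructed test message with placeholder attachments (not real malware)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    for n in names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=n)
    return msg.as_string()
```
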