|
|
I-Worm.Malda Viruses Information
| Name: |
I-Worm.Malda |
| Category: |
Viruses |
| Description:
|
Details
I-Worm.Maldal
This is a dangerous virus-worm that spreads via the Internet attached to infected e-mails. It installs another Internet worm: I-Worm.Maldal. The worm also creates destructive payloads.
The worm itself is a Windows PE EXE file about 36.5K in length, and is written in Visual Basic 5.
The infected messages contain:
The worm is activated from an infected e-mail only when a user clicks on the attached file. The worm then installs itself to the system, runs its spreading routine and payload. It displays the following picture only once:
Installation
While installing, the worm copies itself to the Windows system directory with the name "Christmas.exe" and registers this file in the system registry auto-run key.
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Zacker = < windir >Christmas.exe
Spreading via E-mail
To send infected messages, the worm uses MS Outlook, and sends messages to all addresses found in the Outlook address book.
Installation of the other worm
The worm changes a start page for the Internet Explorer to the:http://geocities.com/jobreee/ZaCker.htm*.
This HTM file contains another Internet worm: VBS.Kerza that will be run after Internet Explorer has been started.
Destructive payload
The worm blocks a keyboard and tries to delete all files in the Windows System directory.
*WARNING: DO NOT USE THIS LINK! |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
StealthBombe
Worm.Win32.Eyeveg.
I-Worm.Wineva
Bastard.197
I-Worm.Thonic.
Macro.Word.NiceDa
Minzdrav.47
Macro.Word.Spook
Fred.65
Win95.Obsolete.141
|
|
