I-Worm.Apost (AKA "Readme") Viruses Information
Name: I-Worm.Apost (AKA "Readme")
Category: Viruses
Description:
Details
This is a virus-worm that spreads via the Internet as an attachment to infected e-mails. The worm itself is a Windows PE EXE file about 25 KB in length and written in Visual Basic Script.
The infected messages contain the following:
Subject: As per your request!
Attach: README.EXE
Body: Please find attached file for your review.
I look forward to hear from you again very soon. Thank you.
The worm activates from an infected e-mail only when a user clicks on the attached file. The worm then installs itself to the system, runs the spreading routine, and displays two fake messages.
While installing, the worm copies itself to the Windows directory under the name README.EXE and registers that file in the system registry auto-run key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run macrosoft = README.EXE
To send infected messages, the worm uses MS Outlook and sends messages to all addresses found in the Outlook address book.
The worm also copies itself to the root directory of all local fixed and remote (network) drives with the same README.EXE name.
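The indicators described above (subject line, attachment name, auto-run value) can be matched at a mail gateway or during host triage. The following is an added example, not part of the original description: the function names and the sample message are constructed, and the Run-key values are assumed to have been exported as a name-to-data mapping.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the description above (compared case-insensitively).
SUBJECT = "as per your request!"
ATTACHMENT = "readme.exe"
RUN_VALUE = "macrosoft"

def mail_indicators(raw: bytes) -> list:
    """Return the described mail indicators that a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT:
            hits.append("attachment")
            break
    return hits

def run_key_indicators(run_values: dict) -> list:
    """Return names of exported HKCU Run values matching the worm's entry."""
    hits = []
    for name, data in run_values.items():
        # Data may be a bare file name or a quoted full path.
        target = data.strip().strip('"').rsplit("\\", 1)[-1].lower()
        if name.lower() == RUN_VALUE and target == ATTACHMENT:
            hits.append(name)
    return hits

def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "rcpt@example.test"
    m["Subject"] = subject
    m.set_content("Please find attached file for your review.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(mail_indicators(build_sample("As per your request!", "README.EXE")))
    print(run_key_indicators({"macrosoft": "README.EXE"}))
```

A message that matches only one of the two mail indicators is worth a look but is far weaker evidence than both together, since README is a common attachment name.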