Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
I-Worm.Anset. Viruses Information

Name: I-Worm.Anset.
Category: Viruses
Description: Details
I-Worm.Anset.a

This is the worm virus spreading via the Internet being attached to infected emails. The worm itself is a Windows PE EXE file about 462Kb of length (or about 186Kb in UPX packed form), written in Delphi.
The message has followed fields:
Subject: ANTS Version 3.0
Message body:
Hi, Anhängend die neue Version 3.0 von ANTS, dem bislang einzigartigen kostenlosen Trojanerscanner. Zum installieren einfach die angefügte Datei ausführen. Attached you will find the brand new Version 3.0 of ANTS, the unique freeware trojan scanner. To install ANTS simply run the attached setup file.
Adieu, Andreas
webmaster@avnetwork.de
http://www.ants-online.de
Attached filename: ants3set.exe
The e-mail and Web-site mentioned in the message are fake and the author of the ANTS anti-Trojan scanner (Andreas Haak) is not responsible for this mass mailing

The worm activates from infected email only in case a user clicks on attached file. The worm then installs itself to the system and runs spreading routine.
While installing the worm copies itself to Windows directory with random generated name, for example:
zfcy.exe
BM.exe
GG.exe
hlutl.exe
and registers this file in system registry auto-run key:
HKCUSoftwareMicrosoftWindowsCurrentVersionRunonce ""="C:Windows.exe"
To proliferate the worm obtains victim email addresses from MS Outlook address book, then looks for following files on C: drive:
*.php *.htm *.shtm *.cgi *.pl
and extracts more email addresses from there, if there are any. Then the worm copies its EXE file with C:ANTS3SET.EXE name, attaches it email message and sends to victim addresses by using direct connection to SMTP server.
The worm has some mistakes in its spreading routine and in some cases it cannot spread.



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Quell.51
I-Worm.Amus.
TrojanProxy.Win32.Webber.
RP.
Youth Famil
Chloride.480.
Backdoor.Win32.Agent.n
Macro.Word97.Crypto
Monika.68
Macro.Word97.Gabl


 

© 2006-2008 spyware32.com - Privacy Policy