A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
Also see: Hoax Encyclopedia | Repair Center | News Briefs | Glossary
|
According to initial reports from MSNBC and Trend Micro the worm/Trojan dubbed Troj_Shockwave, W32/ProLin@mm, Pro Linux, Creative, and W95.Creative@mm exhibits the following characteristics:
Type: Email worm and Trojan
Systems Affected: Windows 32-bit systems
Payload: Renames .JPG and .ZIP files, then moves them to the root of the local drive (C:\).
ITW: Yes
Origin:
Description: Spread via email as an attched file named CREATIVE.exe. The body of the email reads:
“Check out this new flash movie that I downloaded just now ... It’s Great
Pro-Linux then drops a text file, MESSAGEFORU.TXT, which reads as follows:
Bye”
“Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin.”
Pro-Linux then mass mails itself to all the recipients in the infected user's address book, after which it sends an email to the presumed author, with the subject: "Job complete". The message body of that email reads, "Got yet another idiot.”
What to look for: Search for MESSAGEFORU.TXT or CREATIVE.EXE
How to prevent it: Do not open attachments received unexpectedly even if from known senders. Most email worms take advantage of the infected user's address book, and thus email worms are most likely to be received from a known source.
