Richard_Cranium72
09-03-2001, 02:45 PM
Release Date : 09/03/2001
I-Worm/Apost
------------
It is a new mass mailing worm written in Visual Basic.
The worm is spreading as a file README.EXE in messages with the
subject:
As per your request!
and the body:
Please find attached file for your review.
I look forward to hear from you again very soon.
Thank you.
When is the README.EXE file is executed it copies itself into Windows
directory and create in the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
a value named "macrosoft"
pointing to the dropped copy of the worm.
Then the worm takes email addresses from Outlook address book
and starts sending itself.
Next, it displays a message box with a button 'Open'. When
you click on it, a fake error message appears:
WinZip SelfExtractor: Warning
CRC eror: 234#21
* Free Edition : http://www.grisoft.cz/softw/60/fe/d601n5mv.bin
Main Update Page : http://www.grisoft.com/html/us_updt.cfm
I-Worm/Apost
------------
It is a new mass mailing worm written in Visual Basic.
The worm is spreading as a file README.EXE in messages with the
subject:
As per your request!
and the body:
Please find attached file for your review.
I look forward to hear from you again very soon.
Thank you.
When is the README.EXE file is executed it copies itself into Windows
directory and create in the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
a value named "macrosoft"
pointing to the dropped copy of the worm.
Then the worm takes email addresses from Outlook address book
and starts sending itself.
Next, it displays a message box with a button 'Open'. When
you click on it, a fake error message appears:
WinZip SelfExtractor: Warning
CRC eror: 234#21
* Free Edition : http://www.grisoft.cz/softw/60/fe/d601n5mv.bin
Main Update Page : http://www.grisoft.com/html/us_updt.cfm