high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | May 2005 (3.93) |
| Protection available since | 28 January 2005 05:57:09 (GMT) |
| Last updated | 6 April 2005 17:39:48 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Wurmark-F is a mass mailing worm which sends itself as a zip attachment to email addresses found on the infected computer.
When run the worm displays the image uglym.jpg as it installs itself on the computer.
 |
| The image displayed by the Wurmark-F worm. |
W32/Wurmark-F drops several files to the Windows system folder. W32/Wurmark-F will drop attached.zip, which is a zip file containing W32/Wurmark-F, and xxz.tmp, which is a copy of the worm. W32/Wurmark-F will also drop the following clean files:
ANSMTP.DLL
bszip.dll
uglym.jpg
W32/Wurmark-F will drop a file belonging to the W32/Rbot family of worms filename svchosts.exe.
W32/Wurmark-F harvests email addresses from files with the extensions:
WAB
ADB
TBB
DBX
ASP
PHP
HTM
HTML
SHT
TXT
DOC
The worm will skip email addresses containing the following strings:
.gov
ada
avg
gri
icro
lavat
mcae
nod
panda
rsky
soph
sophos
symac
The zip file containing W32/Wurmark-F called attached.zip is attached to emails sent by the worm appearing to originate from the listed addresses containing those below and taking the following forms along with others:
adead_poet@hotmail.com
alex_edwards2000@msn.com
romeorichard@google.com
apiffany@cnet.com
Subject: Hhahahah lol!!!!
Body:
i found this on my computer from ages ago
download it and see if you can remember it
lol i was lauging like mad when i saw it! :D
email me back haha...
Subject: Your Pic On A Website!!
Body:
I was looking at a website and came across
this pic they look just like you! infact im sure
it is lol , did you send this pic into them ? or
is it someonce else :S ? Ive Added the pic in
a zip so download it and check & email me back!
The file within the attachment can have one of the following
names:
Pic_001.jpg.scr
Sexy_09.jpg.scr
Scan_04.jpg.scr
W32/Wurmark-F is a mass mailing worm which sends itself as a zip attachment to email addresses found on the infected computer.
When run the worm displays the image uglym.jpg as it installs itself on the computer.
|
| The image displayed by the Wurmark-F worm. |
W32/Wurmark-F drops several files to the Windows system folder. W32/Wurmark-F will drop attached.zip, which is a zip file containing W32/Wurmark-F, and xxz.tmp, which is a copy of the worm. W32/Wurmark-F will also drop the following clean files:
ANSMTP.DLL
bszip.dll
uglym.jpg
W32/Wurmark-F will drop a file belonging to the W32/Rbot family of worms filename svchosts.exe.
W32/Wurmark-F harvests email addresses from files with the extensions:
WAB
ADB
TBB
DBX
ASP
PHP
HTM
HTML
SHT
TXT
DOC
The worm will skip email addresses containing the following strings:
.gov
ada
avg
gri
icro
lavat
mcae
nod
panda
rsky
soph
sophos
symac
The zip file containing W32/Wurmark-F called attached.zip is attached to emails sent by the worm appearing to originate from the listed addresses below and taking the following forms:
adead_poet@hotmail.com
alex_edwards2000@msn.com
romeorichard@google.com
apiffany@cnet.com
sexy_lil_thing@no-ip.com
cutie_pie@ogrish.com
easy_lay666@lovenet.com
hunk_hogan78@hallmark.com
britany_slut56@sex.com
tit_fuck_909@gmail.com
good_fuck12@yahoo.com
blowjob_lips666@romance.com
tit_fuck_909@paltalk.com
sexy_guy88@aol.com
mucle_bound_hunk892@download.com
Subject: Hhahahah lol!!!!
Body:
i found this on my computer from ages ago
download it and see if you can remember it
lol i was lauging like mad when i saw it! :D
email me back haha...
Subject: Your Pic On A Website!!
Body:
I was looking at a website and came across
this pic they look just like you! infact im sure
it is lol , did you send this pic into them ? or
is it someonce else :S ? Ive Added the pic in
a zip so download it and check & email me back!
Subject: Rate My Pic.......
Body:
Hi ive sent 5 emails now and nobody will rate
my pic!! :( please download and tell me what you
think out of 10 , dont worry if you dont like it
just say i wont be offended p.s i was drunk when
it was taken :P
Subject: You have an Admirer
Body:
Someone has asked us on there behalf to send
you this email and tell you they think you are
wonderfull!!! All the The mystery persons details
you need are enclosed in the attachment :)
please download and respond telling us if you
would like to make further contact with this
person.
Regards Hallmark Admirer Mail Admin.
The file within the attachment can have one of the following
names:
Pic_001.jpg.scr
Sexy_09.jpg.scr
Scan_04.jpg.scr
Photo_01.jpg.scr
admire_001.jpg.scr
is_this_you.jpg.scr
love_04.jpg.scr
for_you.pif
|
