My application
Simon Cousins
simon at simoncousins.com
Mon May 19 14:58:56 EST 2003
Nathan,
One of my Windows boxen got this thing this morning. The boxen's licensed
corporate NAV client doesn't update itself automatically because the company
I work for hasn't actually put the NAV back-end in place. D'uh.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.mankx@mm.ht
ml
W32.HLLW.Mankx at mm
Discovered on: May 18, 2003
Last Updated on: May 18, 2003 05:25:14 PM
W32.HLLW.Mankx at mm is a mass-mailing worm that will send itself to all e-mail
addresses it finds in files with the following extensions:
.wab
.dbx
.htm
.html
.eml
.txt
The e-mail message will have the following characteristics:
From:
support at microsoft.com
Subject:
Your details
Approved (Ref: 38446-263)
Re: Approved (Ref: 3394-65467)
Your password
Re: My details
Screensaver
Cool screensaver
Re: Movie
Re: My application
Attachment:
your_details.pif
ref-394755.pif
approved.pif
password.pif
doc_details.pif
screen_temp.pif
screen_doc.pif
movie28.pif
application.pif
The worm will also spread itself to all network resources by copying itself
to the following folders on all shared resources:
Windows\All Users\Start Menu\Programs\StartUp
Documents and Settings\All Users\Start Menu\Programs\Startup
NOTE: The worm deactivates on 5/31/2003, therefore, the last date the worm
will spread will be 5/30/2003
Type: Worm
Infection Length: 52,898 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows
XP, Windows Me
Simon Cousins
simon at simoncousins.com
> Can someone please help to identify this virus ?
>
> Regards,
>
> Nathan.
>
>
> On Mon, 19 May 2003 support at microsoft.com wrote:
>
> > All information is in the attached file.
More information about the wireless
mailing list