I-Worm.Actem
Description I-Worm.Actem
Actem is a worm virus spreading via the Internet as an infected email attachment. The worm itself is a Windows PE EXE file about 61Kb in size, written in Visual Basic.
The infected messages body is empty.
The email Subject is:
"Try this, pretty cool"
There are two files attached to the email. One is a copy of the worm:
ActiveM.exe
While the other is a text file:
list.txt
Actem activates from the infected email only if a user clicks on the attached file. If activated the worm installs itself into the system and displays false messages.
The worm hides itself as an "Active Mouse" application and displays several false messages and menus when the infected file is run.
Actem shows this "active mouse" dialog window:
Other false messages displayed by Actem if executed:
Actem does not install itself to the system and is not active after having run - unless a user clicks on the infected attachment again.
To send out infected messages Actem uses MS Outlook to send messages to all addresses found in the Outlook address book.
Check other viruses! Be aware! Use Antiviral Software
Email-Worm.Win32.Bagle.da
Description Email-Worm.Win32.Bagle.da
This Bagle variant is unable to replicate independently and was mass mailed using spammer technologies. However, its functionality clearly shows that it is a member of the Bagle family. In terms of functionality it is extremely similar to Email-Worm.Win32.Bagle.cy. The worm arrives in a ZIP fileall
Email-Worm.Win32.Bagle.dx
Description Email-Worm.Win32.Bagle.dx
This worm spreads via the Internet as an attachment to infected messages. It also spreads via file-sharing networks. It sends itself to email addresses harvested from the victim machine. It includes a backdoor function. The worm itself is a Windows PE EXE file approximately 21KB in size, packedall
|