Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Scold.A@mm

Overview

Threat Risk LOW LOW
Destructivity NONE NONE
Payload
Detection files published 10 Dec 2003 03:00:00
Description created 17 Dec 2003 03:28:00
Description updated 17 Dec 2003 03:28:00
Malware type WORM
Alias
Spreading mechanism EMAIL
Summary None

W32/Scold.A@mm

Spreading

Upon running, the worm will copy itself to the Windows directory using the name WARM.SCR, and display a small image of a baby seal.

It will add the following registry key to run from startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run ExeName32=[WINDIR]\WARM.SCR
It will then send itself to addresses found on the Outlook address book.

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15