Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Chet.A@mm

Overview

Threat Risk LOW LOW
Destructivity NONE NONE
Payload
Detection files published 10 Sep 2002 03:00:00
Description created 10 Sep 2002 03:22:00
Description updated 11 Sep 2002 07:01:00
Malware type WORM
Alias W32/Anniv911
Win32/Chet
Spreading mechanism EMAIL
Summary None

W32/Chet.A@mm

Spreading

The worm sends itself over email to addresses found from the Windows address book and other sources.The mail will appear to come from a Russian sender; these sender addresses are picked at random from a list. When run, the worm will copy itself to the Windows System directory under the name SYNCHOST1.EXE, and will add a registry entry to load the file during startup.It will also create an empty file called boot.txt in the root directory.

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:12