Lumension® Endpoint Intelligence Center

Overview

Threat Risk: NONE
Destructivity: NONE
Payload:
Detection files published: 13 Mar 2002 03:00:00
Description created: 12 Mar 2002 07:52:00
Description updated: 16 Jan 2003 07:35:00
Malware type: WORM
Alias: W32/Zypt
Spreading mechanism: EMAIL
Summary: None

W32/FBound.A@mm

Spreading

When run, this email worm will pack itself into a small password-protected ZIP file called 666.ZIP, located in the Windows TEMP folder. The password will be a random combination of eight letters.

It will then search the Windows Address Book and web pages found on the infected computer for email addresses to send itself to.

The worm uses its own SMTP emailing code to perform the mailing. It can send two different styles of email: one with the ZIP file attached and the password mentioned in the body, and one with just the executable CHECK.EXE attached.


The password-protected ZIP file is used specifically to avoid detection by email scanners, which cannot scan inside encrypted files.
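
A mail gateway cannot look inside such an archive, but it can tell that the archive is encrypted and apply policy to it. The following is an added example, not part of the original description or any vendor's code: it reads the ZIP "encrypted" flag (general-purpose flag bit 0) for each attachment. The function names, verdict strings and sample message are assumptions, and the sample archive is constructed with the flag bit patched in rather than with real encryption.

```python
import io
import zipfile
from email.message import EmailMessage

def encrypted_members(zip_bytes):
    """Return names of ZIP entries whose general-purpose flag bit 0 (encrypted) is set."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [zi.filename for zi in zf.infolist() if zi.flag_bits & 0x1]

def scan_message(msg):
    """Return a (attachment name, verdict) pair for each attachment of an EmailMessage."""
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK\x03\x04"):  # identify ZIP by magic, not by extension
            results.append((name, "not-zip"))
            continue
        try:
            verdict = "encrypted-unscannable" if encrypted_members(data) else "scannable"
        except zipfile.BadZipFile:
            verdict = "malformed-zip"
        results.append((name, verdict))
    return results

def build_zip(encrypted):
    """Constructed sample: a one-entry ZIP, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.txt", b"constructed test data")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits at offset 6 of the local header and offset 8 of the central header.
        raw[6] |= 0x1
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x1
    return bytes(raw)

def build_sample_message(encrypted):
    """Constructed sample: an email carrying the archive from build_zip()."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(build_zip(encrypted), maintype="application",
                       subtype="octet-stream", filename="sample.zip")
    return msg

if __name__ == "__main__":
    for flag in (False, True):
        print(scan_message(build_sample_message(flag)))
```

A gateway can use the "encrypted-unscannable" verdict to quarantine or hold messages whose archives it cannot inspect.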

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:14