VIRUS ADVISORY: W32/[email protected] – Medium Risk
Current VirusScan users with DAT 4395 are protected from
this threat. Learn more about W32/[email protected] here:
–> What is it?
W32/[email protected] is a Medium Risk mass-mailing worm that installs
a Remote Access component that can provide hackers access to
your computer. Carried inside an email attachment, the virus
spreads by emailing itself to e-mail addresses found on
your computer and copies itself to folders used by popular
file-sharing programs such as KaZaa, Bearshare and Limewire.
Like its predecessors, it also tries to terminate anti-virus
and other security software protection.
Note: To fortify anti-virus defense against viruses that
carry backdoor payloads, we recommend installing McAfee Personal
–> What should I look for?
FROM: Varies (spoofed)
SUBJECT: Re:, Re: Hello, Re: Thank you!, Re: Thanks :),
BODY: :), :))
ATTACHMENT: Price, price, Joke (with an extension of .exe,
.scr, .com or .cpl)
–> How do I know if I’ve been infected?
Communication Port 81 (TCP) open. Outgoing messages with
noted body content and attachments.
–> How do I find out more?