Full
Name: |
W32.Heartworm.a |
| Type: |
Worm |
| Also Known As: |
VirtualCard, heart worm |
| Danger Level: |
7 |
| Category Description: |
Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.
Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files. |
| Comment: |
The infection spreads by running a file in circulation on Russian webhosting sites claiming to have a "virtual card" waiting for them - when the file is run, a picture of a heart containing a poem is launched, and the infected user will pass the infection link to their contacts on MSN Messenger with the phrase "olha o que eu fiz pra vc....curti ai...[url removed]"
Immediately after installation, it downloads a file from a Russian domain. Then it opens up a .gif. Then it makes a call back to the before mentioned domain and downloads another file.
It also sends information about your computer to the distributor's e-mail address through an SMTP connection. This includes internal network information such as devices on the network. |
| |
|
| Properties: |
|
Back to the list of products removed by X-Cleaner
|
