WORM_INFORYOU.A
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Padowor.a (Kaspersky), W32/Inforyou.gen@MM (McAfee), W32.Inforyou.A@mm (Symantec), Worm/Padowor.A (Avira), W32/Inforyou-A (Sophos), Worm:Win32/Inforyou.A@mm (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Encrypted: No

Overall risk rating: Low

Reported infections: Low

Damage potential: High

Distribution potential: High

Description: 

This worm propagates via email using its own SMTP (Simple Mail Transfer Protocol) engine. This capability allows it to send messages even without using popular email clients such as Microsoft Outlook or Outlook Express.

It uses social engineering techniques to send out email with spoofed subjects and message bodies randomly selected from a list of strings. Social engineering, a propagation technique widely used by worm programs, relies largely on computer users' instinctive tendency to open email messages, execute attachments that are enticing and apparently harmless, and download and unknowingly open attractively named files.

Below are samples of email messages this worm sends out:

Subject: Update your credit client program.

Message body:
Hello, my name is <spoofed name>, i am from branch of State Central Bank.
Too hour ago my manager, has asked me to notify you about that our firm has released the new version of credit client program, unfortunately to send the program from work i have not had time therefore i send file from home. Information about account program inside package.
Don`t forget unlock pass is AmoE4fI2s15L46.
I am sorry, <spoofed name>.

Attachment: NWUpdate.pif

Subject: Their image.

Message body:

Greetings, do you remember you spoke something about their image in a naked kind?
I have found a little bit, i don`t know it is pleasant to you whether or not but i have decided to give to see it to you (magic wordJM3QkMRg8X906).
As you will decide to have a rest with me, call.
winxp.

Attachment: 6MyPhoto.zip
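A mail-gateway triage check for the two traits the samples above share, a directly executable attachment and a body that hands over a pass phrase for the attached file. This is an added example, not Trend Micro's detection logic; the rule names, extension lists, regular expression and the constructed test messages are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows executes directly; .pif is the one in the first sample.
EXEC_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}
ARCHIVE_EXT = {".zip", ".rar", ".7z"}
# Body text that hands the reader a pass phrase for the attached file.
PASS_HINT = re.compile(r"\b(unlock\s+pass|pass(word)?\s+is|magic\s*word)", re.I)

def ext(name):
    """Lower-cased final extension, so 'photo.jpg.PIF' yields '.pif'."""
    m = re.search(r"\.[A-Za-z0-9]+$", name or "")
    return m.group(0).lower() if m else ""

def triage(raw):
    """Parse one raw RFC 5322 message and return the rules it trips."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    exts = [ext(p.get_filename()) for p in msg.iter_attachments()]
    hits = []
    if any(e in EXEC_EXT for e in exts):
        hits.append("exec-attachment")
    # Flag the pass phrase only when a file it could apply to is attached;
    # the phrase alone (for example a password-reset notice) is not flagged.
    if any(e in ARCHIVE_EXT | EXEC_EXT for e in exts) and PASS_HINT.search(body):
        hits.append("password-for-attachment")
    return hits

def build(subject, body, attachment=None):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

SAMPLES = {  # constructed; the first two are modelled on the samples above
    "pif": build("Update your credit client program.",
                 "Don`t forget unlock pass is <placeholder>.", "NWUpdate.pif"),
    "zip": build("Their image.", "(magic word<placeholder>)", "6MyPhoto.zip"),
    "report": build("Q3 report", "Figures attached.", "report.zip"),
    "reset": build("Account", "Your password is being reset."),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```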

Apart from simply spreading via email, this worm is also capable of performing distributed denial of service (DDoS) attacks against specific Web sites. It does this by sending numerous HTTP requests to these sites, which may cause an increase in network traffic and ultimately cause their servers to crash.

It also downloads a file from certain Web sites, which, as of this writing, is detected by Trend Micro as BKDR_BERBEW.O.


Description created: Feb. 18, 2005 7:05:43 PM GMT -0800
Description updated: Feb. 24, 2005 7:54:45 PM GMT -0800
