Dec 16

W32.Chir@mm

By admin
Add comments
Virus
 
12 views
Name W32.Chir@mm
Type
Affected Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Risk Level 2: Low
Discovered June 8, 2002
Update February 13, 2007 11:54:44 AM
Length
Info W32.Chir@mm is a mass-mailing . It uses its own SMTP engine to send itself to email addresses. The SMTP server that the uses is a static one, which means that if a specific SMTP server is not running, the cannot spread.

The creates Runouce.exe (note the letter "u") in the %System% folder. Runouce.exe has the same form as the file that was originally received as an email attachment. The email message arrives with the following characteristics:

From: <username>@hotmail.com or iloveyou@btamail.net.cn
Subject: Hi, i am <username>
Attachments: P.exe

W32.Chir@mm also searches across the network and accesses files on computers. However, due to a bug, these files are not modified in any way.

If you open the message in an unpatched version of Microsoft Outlook or Outlook Express, the attachment may be executed automatically. Information about this vulnerability and a patch are available at:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

NOTE: Definitions dated prior to June 11, 2002 will detect this as W32.Chier@mm.
Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 – 49
  • Number of Sites: 0 – 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: High
Writeup By: Cary Ng
Details >W32.Chir@mm
convert this post to pdf. Tags: , ,

Related Virus

"Free Scan W32.Chir@mm

Print This Virus article Print This Virus article

This entry was posted on Sunday, December 16th, 2007 at 8:59 am and is filed under Virus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

You must be logged in to post a comment.