Easy Online Tips

Monday, January 23, 2006

Grow Up - WORM_GREW.A (Low Risk)

WORM_GREW.A propagates by attaching copies of itself to email messages that it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine.
It can then send email messages without using mailing applications (such as Microsoft Outlook). It gathers email addresses from files with certain extensions, such as DOC, PSD, RAR, and ZIP. It also propagates through network shares, by searching the network for ADMIN$ and C$ shares, where it drops a copy of itself using the file name WINZIP_TMP.EXE. It is currently spreading in-the-wild, and infecting computers that run Windows 98, ME, NT, 2000, XP, and 2003 Server.

Upon execution, it drops and opens a .ZIP archive named SAMPLE.ZIP in the Windows system folder. This worm also deletes autostart registry entries, as well as associated files of several programs, most of which are related to security and antivirus applications. These routines may cause referenced programs to malfunction, effectively making the affected system more vulnerable to further attacks.

In addition, it is capable of disabling the mouse and keyboard of an affected system.


Post a Comment

Back to Online Tips