New Mass mailing worm - Wurmark 

A mass-mailing worm has been discovered on the eve of New Year. It sends an unusual kind of message via email with attachment of photograph of nude bodies. This worm has been given the name W32/Wurmark-D worm.

Tell us what do you think about this Topic ? Click to share your opinion!

The email represents itself fictitiously as a seasonal greeting with an amusing file. Whenever anybody opens the attached file a virus is launched, which displays a graphic image of nude men and women contorting to form the words "HAPPY NEW YEAR" simultaneously the malicious worm starts its work of spreading itself to other computers.

W32/Wurmark-D is a mass-mailing worm, which sends itself as a ZIP attachment to email addresses found on the infected computer. When run the worm displays the image newyear.jpg as it installs itself on the computer.

After getting activated this worm will use your computer for hunting other email addresses to send itself to other computers and will try and turn off anti-virus softwares installed on them.W32/Wurmark-D worm is also known as W32/Mugly.gen@MM.

Following are the characteristics of the Emails sent by the Wurmark-D worm.

It has subject: HAPPY NEW YEAR!!! Message body:

All the best in new year from our family here is a litle attachment to make you smile in new year email me back haha...

Subject: MARY CHRISTMAS from our family

Message body: All the best in new year and christams from our family i was lauging like mad when i saw it! :D

Attached to the email is a ZIP file containing a file with one of the following names:
Sexy_new_year.scr,
HOT_NEW_YEAR.scr,
Marry_christmas.scr,
with_love.scr,
From_my_hart.scr,
new_year.scr, and
Hot_new_year.scr

Symptoms of W32/Wurmark-D worm:

• W32/Wurmark-D worm turns off anti-virus applications of the infected computers.

• W32/Wurmark-D worm sends itself to email addresses found on the infected computer.

• It forges the sender's email address.

• W32/Wurmark-D helps to install more malwares.

• It uses its own mailing engine.

How to remove W32/Wurmark-D worm?

Kindly take a backup before edit the registry.Edit the following registry entries.At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

On the 'Registry' menu:

Click 'Export Registry File'. In the 'Export range' panel, click 'All', and then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run vb6 BT32.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices vb6 BT32.EXE

and delete them if they exist. Close the registry editor.

W32/Wurmark-D will drop ANSMTP.DLL, attached.zip, bszip.dll, newyear.jpg and xxz.tmp into the Windows system folder and bt32.exe into the C: folder. The worm will then create the following registry entries so as to auto-start on user logon or computer reboot:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run vb6 BT32.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices vb6 BT32.EXE

The worm also sets the additional registry entry:

HKCU\Software\Microsoft\OLE vb6 BT32.EXE

W32/Wurmark-D harvests email addresses from files with the extensions: WAB, ADB, TBB, DBX, ASP, PHP, HTM, HTML, SHT, TXT and DOC. The ZIP file containing W32/Wurmark-D is called attached.zip.

Emails sent by the worm appear to originate from the listed addresses below and take the following forms:

godfather@hotmail.com
alex@hotmail.com
George@gmail.com
marija@hotmail.com
mary13@gmail.com
cutie88@ogrish.com
BARBARA@hotmail.com
Jane78@hotmail.com
britany56@sex.com
michael77@gmail.com
admirer12@yahoo.com
funyblock@hotmail.com
tit_fuck_909@paltalk.com
barby56@aol.com
Jane44@download.com

Subject: HAPPY NEW YEAR!!!

Message body:

All the best in new year from our family here is a litle attachment to make you smile in new year
email me back haha...

Subject:

MARY CHRISTMAS from our family

Message body:

All the best in new year and christams from our family i was lauging like mad when i saw it! :D The file within the attachment may have one of the following names:
Sexy_new_year.scr
HOT_NEW_YEAR.scr
Marry_christmas.scr
with_love.scr
From_my_hart.scr
new_year.scr
Hot_new_year.scr

W32/Wurmark-D also attacks and attempts to terminate various anti-virus programs installed on infected computers.

Subscribe to "COMPTECH" ezine to get the latest news and updates on Computer Hardware, Software, Tips & Tutorials.

Enter your E-mail Address Enter your First Name (optional) Then Don't worry -- your e-mail address is totally secure. I promise to use it only to send you Mindpc.