W32/Manymize-A

Discussion in 'malware problems & news' started by Technodrome, Jul 30, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    W32/Manymize-A is an email-aware worm which executes as soon as the user has opened or previewed the worm message. The message contains embedded files called Mi2.EXE, Mi2.HTML, Mi2.CHM and Mi2.WMV.

    W32/Manymize-A uses the IFrame construct to run Mi2.WMV (a short video clip) in the Windows Media Player, which runs the script that opens Mi2.CHM. Mi2.CHM executes Mi2.exe.

    This executable is the main part of the worm. It creates the email messages with the above files embedded and sends itself to all entries from Windows Address Book.

    This executable also sends another three emails to randomly chosen addresses from a list of 120 names predefined in the worm code.

    The email subject line and message text are randomly generated from the following four lists and combined with usernames from the Windows address book:

    listN1:
    "Hi ",
    "Dear ",
    "My friend, ",
    "How are you !! ",
    listN2:
    ", See this",
    ", Open the"
    ", Attached is my",
    ", Watch my",
    listN3:
    " funny",
    " interesting",
    " cute",
    " amusing",
    " special",
    listN4:
    " video.",
    " movie.",
    " penguin.",
    " clip.",
    " tape."

    e.g. <listN1><username> and <listN1><username><listN2><listN3><listN4> correspondingly.


    Technodrome
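
A mail-gateway triage check built from the phrase lists and embedded file names in the post above, as an added example that is not part of the original post or of any vendor signature. The `triage` function, its verdict names, the case-insensitive file-name comparison and the sample messages are assumptions made for illustration.

```python
import re

# Phrase lists and embedded file names copied from the post above.
LIST_N1 = ["Hi ", "Dear ", "My friend, ", "How are you !! "]
LIST_N2 = [", See this", ", Open the", ", Attached is my", ", Watch my"]
LIST_N3 = [" funny", " interesting", " cute", " amusing", " special"]
LIST_N4 = [" video.", " movie.", " penguin.", " clip.", " tape."]
EMBEDDED = {"mi2.exe", "mi2.html", "mi2.chm", "mi2.wmv"}


def _alt(phrases):
    """Build a regex alternation over literal phrases."""
    return "(?:" + "|".join(re.escape(p) for p in phrases) + ")"


# Subject template: <listN1><username>
SUBJECT_RE = re.compile(rf"^{_alt(LIST_N1)}(?P<user>.+)$")
# Message text template: <listN1><username><listN2><listN3><listN4>
BODY_RE = re.compile(
    rf"^{_alt(LIST_N1)}(?P<user>.+?){_alt(LIST_N2)}{_alt(LIST_N3)}{_alt(LIST_N4)}$"
)


def triage(subject, body, part_names):
    """Return (verdict, reasons) for one message.

    The subject template alone is too generic ("Hi Bob") to act on, so it
    only counts as supporting evidence next to a body or file-name match.
    """
    reasons = []
    if any(BODY_RE.match(line.strip()) for line in body.splitlines()):
        reasons.append("body-template")
    hits = EMBEDDED & {name.lower() for name in part_names}
    if hits:
        reasons.append("embedded:" + ",".join(sorted(hits)))
    if reasons and SUBJECT_RE.match(subject.strip()):
        reasons.append("subject-template")
    if not reasons:
        return "pass", reasons
    return ("quarantine" if len(reasons) >= 2 else "review"), reasons


# Constructed sample messages: (subject, body, names of embedded parts).
SAMPLES = [
    ("Hi Alice", "Hi Alice, See this funny video.", ["Mi2.EXE", "Mi2.CHM"]),
    ("Hi Bob", "Lunch at noon?", []),
    ("Quarterly report", "Dear Carol, Watch my special penguin.", []),
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", triage(*sample))
```

A single indicator yields `review` rather than `quarantine`, so a legitimate message that happens to fit the body template is held for a person to look at instead of being dropped.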
     