WORM_PLEXUS.C

Discussion in 'malware problems & news' started by Randy_Bell, Jun 11, 2004.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    WORM_PLEXUS.C is a recently discovered worm that uses its own SMTP engine to send copies of itself via email. Emails appear with subject headers like: "Order" or "Good Offer". Messages appear to be from a familiar person.

    Examples of messages:
    "Look at my new screensaver. I hope you will enjoy"
    "In this archive you can find all those things, you asked me"

    The message comes with an .EXE attachment. Once executed, WORM_PLEXUS.C drops several copies of itself onto the infected system and creates Windows registry entries to automatically execute at each system startup.

    To propagate, WORM_PLEXUS.C looks for files with the following extension names to retrieve email addresses and domain names: HTM, HTML, PHP, TBB, TXT. This worm can also drop copies of itself in the Kazaa (peer-to-peer network) shared folder, and propagate through network shares with full access rights.

    This worm's code also contains the following text:
    "KAV I'm Expletus !!!, Made in China"

    This worm is currently in-the-wild and affects Windows 95, 98, ME, NT, 2000, and XP operating systems.

    If you would like to scan your computer for WORM_PLEXUS.C or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com

    WORM_PLEXUS.C is detected and cleaned by Trend Micro pattern file #902 and above.
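
The email traits listed in the post above (subject lines, message text, an .EXE attachment) can be turned into a simple mail-triage check. This is an added example, not part of the original post or Trend Micro's detection logic; the sample messages, addresses, the attachment name and the quarantine rule are constructed assumptions, and the post's subject list is given only as "like", so it is partial.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators quoted in the post; treated as a partial list.
SUBJECTS = {"order", "good offer"}
BODY_PHRASES = (
    "look at my new screensaver. i hope you will enjoy",
    "in this archive you can find all those things, you asked me",
)

def triage(raw: str) -> dict:
    """Report which of the post's email indicators a raw message matches."""
    msg = message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    # Collapse whitespace so wrapped lines still match the quoted phrases.
    body = " ".join(part.get_content().lower().split()) if part else ""
    exe_names = [
        a.get_filename()
        for a in msg.iter_attachments()
        if (a.get_filename() or "").lower().endswith(".exe")
    ]
    hits = {
        "subject": subject in SUBJECTS,
        "body": any(p in body for p in BODY_PHRASES),
        "exe_attachment": exe_names,
    }
    # Assumed policy: .EXE attachment plus either text indicator => quarantine.
    hits["quarantine"] = bool(exe_names) and (hits["subject"] or hits["body"])
    return hits

def build_sample(subject, text, filename=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.com", "user@example.com", subject
    m.set_content(text)
    if filename:
        m.add_attachment(b"MZ constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

SUSPECT = build_sample("Good Offer",
                       "Look at my new screensaver. I hope you will enjoy",
                       "screensaver.EXE")  # constructed attachment name
BENIGN = build_sample("Order", "Your order #1001 has shipped.")
UNRELATED_EXE = build_sample("Build artifacts", "Installer attached.", "setup.exe")

if __name__ == "__main__":
    for name, raw in [("suspect", SUSPECT), ("benign", BENIGN), ("exe", UNRELATED_EXE)]:
        print(name, triage(raw))
```

A subject match alone is not treated as a hit, since "Order" is common in legitimate mail; the rule requires the executable attachment as well.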
     