WORM_ZAR.A is a mass-mailing worm that uses its own Messaging Application Programming Interface (MAPI) engine to propagate. It gathers email addresses from Microsoft Outlook and sends itself as an attachment. It runs on all Windows platforms (95, 98, ME, NT, 2000, and XP) and is currently spreading in the wild.

This mass-mailing worm drops the following files in the Windows folder:

* crssr.exe
* raz32.exe
* tsunami.exe

It then creates a registry entry to ensure that it automatically executes at every Windows startup.

The worm propagates via email using MAPI. It gathers recipient addresses from Microsoft Outlook and sends a copy of itself as an attachment. The email it sends contains the following details:

Subject: Tsunami Donation! Please help!
Body: Please help us with your donation and view the attachment below! We need you!
Attachment: tsunami.exe

This worm also attempts to perform a distributed denial of service (DDoS) attack.

If you would like to scan your computer for WORM_ZAR.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_ZAR.A is detected and cleaned by Trend Micro pattern file #2.359.00 and above.
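
As an added example (not part of the Trend Micro advisory), the indicators listed above can be turned into a simple mail-gateway and host triage check in Python. The function names `match_message` and `dropped_files` and the sample message are constructed for illustration; only the subject, attachment name and dropped file names come from the advisory.

```python
import email
from email import policy
from pathlib import Path

# Indicators taken from the advisory text above.
SUBJECT = "tsunami donation! please help!"
ATTACHMENT = "tsunami.exe"
DROPPED = {"crssr.exe", "raz32.exe", "tsunami.exe"}


def match_message(raw: bytes) -> list[str]:
    """Return the advisory indicators present in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-word subjects before we compare.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT:
            hits.append("attachment")
            break
    return hits


def dropped_files(windows_dir) -> list[str]:
    """List dropped-file names found directly in the given Windows folder."""
    root = Path(windows_dir)
    if not root.is_dir():
        return []
    return sorted(p.name.lower() for p in root.iterdir()
                  if p.is_file() and p.name.lower() in DROPPED)


# Constructed sample message (harmless text payload, not real worm mail).
SAMPLE = (
    b"From: a@example.com\r\nTo: b@example.com\r\n"
    b"Subject: =?utf-8?q?Tsunami_Donation!_Please_help!?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="x"\r\n\r\n'
    b"--x\r\nContent-Type: text/plain\r\n\r\nPlease help us...\r\n"
    b"--x\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="TSUNAMI.EXE"\r\n\r\n'
    b"placeholder\r\n--x--\r\n"
)

if __name__ == "__main__":
    print(match_message(SAMPLE), dropped_files(r"C:\Windows"))
```

The file-name match is exact, so the legitimate Windows process csrss.exe is not flagged by the look-alike name crssr.exe. Name-based hits are triage signals to confirm with a current scanner, not proof of infection.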