WORM_ZAR.A

Discussion in 'malware problems & news' started by Randy_Bell, Jan 21, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    WORM_ZAR.A is a mass-mailing worm that uses its own Messaging Application Programming Interface (MAPI) engine to propagate. It gathers email addresses from Microsoft Outlook, and sends itself as an attachment. It runs on all Windows platforms (95, 98, ME, NT, 2000, and XP), and is currently spreading in-the-wild.

    This mass-mailing worm drops the following files in the Windows folder:

    * crssr.exe
    * raz32.exe
    * tsunami.exe

    It then creates a registry entry to ensure that it automatically executes at every Windows startup.

    The worm propagates via email using MAPI. It gathers recipient addresses from Microsoft Outlook, and sends a copy of itself as an attachment. The email it sends contains the following details:

    Subject:
    Tsunami Donation! Please help!

    Body:
    Please help us with your donation and view the attachment below! We need you!

    Attachment:
    tsunami.exe

    This worm also attempts to perform a distributed denial of service attack (DDoS).

    If you would like to scan your computer for WORM_ZAR.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

    WORM_ZAR.A is detected and cleaned by Trend Micro pattern file #2.359.00 and above.
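
A mail-side check for the message described in the post, added here as an example (it is not part of the original post or Trend Micro's detection). It compares only the subject and attachment name quoted above; the function names and the three-level verdict are assumptions made for illustration.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.message import EmailMessage

# Indicators quoted in the post above; compared case-insensitively.
WORM_SUBJECT = "tsunami donation! please help!"
WORM_ATTACHMENT = "tsunami.exe"


def attachment_names(msg):
    """Lower-cased file names of all MIME parts that declare one."""
    names = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        name = part.get_filename()
        if name:
            names.append(name.strip().lower())
    return names


def classify(raw):
    """Return 'match' (subject and attachment), 'suspect' (one), or 'clean'."""
    msg = message_from_string(raw)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    subject = " ".join(subject.split()).lower()
    hits = (subject == WORM_SUBJECT) + (WORM_ATTACHMENT in attachment_names(msg))
    return ("clean", "suspect", "match")[hits]


def sample(subject, filename=None):
    """Build a constructed test message (not a captured sample)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body")
    if filename:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    for subj, name in [("Tsunami Donation! Please help!", "tsunami.exe"),
                       ("Fwd: photos", "Tsunami.EXE"),
                       ("Quarterly report", "report.pdf")]:
        print(classify(sample(subj, name)), "-", subj, "/", name)
```

A "suspect" verdict means only one of the two indicators matched, so it is a prompt for review rather than a confirmed detection.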
     