Jump to content



Recommended Posts

WORM_GREW.A propagates by attaching copies of itself to email messages that it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine. It can then send email messages without using mailing applications (such as Microsoft Outlook). It gathers email addresses from files with certain extensions, such as DOC, PSD, RAR, and ZIP. It also propagates through network shares, by searching the network for ADMIN$ and C$ shares, where it drops a copy of itself

using the file name WINZIP_TMP.EXE. It is currently spreading in-the-wild, and infecting computers that run Windows 98, ME, NT, 2000, XP, and 2003 Server.


Upon execution, it drops and opens a .ZIP archive named SAMPLE.ZIP in the Windows system folder. This worm also deletes autostart registry entries, as well as associated files of several programs, most of which are related to security and antivirus applications. These routines may cause referenced programs to malfunction, effectively making the affected system more vulnerable to further attacks.


In addition, it is capable of disabling the mouse and keyboard of an affected system.

Link to comment
Share on other sites

a.k.a. Nyxem-D it seems:




A worm claiming to offer pictures from the Kama Sutra has begun circulating by email in the latest attempt by virus writers to infect Windows machines by relying on a combination of user stupidity and supposedly salacious content.


The Nyxem-D worm (AKA Blackmal-E) arrives as the infectious payload of email messages with spoofed sender addresses claiming to offer obscene pictures or pornographic movie clips.


If activated, Nyxem-D tries to disable security software. It also tries to harvest email addresses from infected PCs in a routine designed to draw up a hit list of targets for infection. Nyxem-D is programmed to download updates of its code onto infected PCs.


Standard defensive precautions against viral attacks apply in defending against Nyxem-D. Users are urged to patch systems up to date and update anti-virus signature definition files. Resisting the temptation to open unsolicited email attachments is also a good idea, of course.




Edit: TCH-Bruce - removed direct link and off color language. These are family forums.

Link to comment
Share on other sites

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...