This mass-mailing worm propagates via email, mapped network-shared drives=,IRC, ICQ and KaZaA Peer-to-Peer file sharing.
It arrives through email with the following details: Subject: (any of the following)
Fw: Prohibited customers...
Re: Brigade Ocho Free membership
Re: According to Daos Summit
Fw: Avril Lavigne - the best
Re: Reply on account for IIS-Security
Re: ACTR/ACCELS Transcriptions
Re: The real estate plunger
Fwd: Re: Admission procedure
Re: Reply on account for IFRAME-Security breach
Fwd: Re: Reply on account for Incorrect MIME-header
Body: (any of the following)
Restricted area response team (RART)
Attachment you sent to %string% is intended to overwrite start address at
To prevent from the further buffer overflow attacks apply the MSO-patch
(*Where %string% is the same as the FROM field)
Microsoft has identified a security vulnerability in Microsoft=AE IIS 4.0= and 5.0 that is eliminated by a previously-released patch.
Customers who have applied that patch are already protected against the vulnerability and do not need to take additional action. Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so to apply the patch immediately. Patch is also provided to subscribed list of Microsoft Tech Support:
Attachment: (any of the following)
It does not require the email receiver to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email
clients to execute the file attachment automatically, known as Automatic
Execution of Embedded MIME type.
More information about this vulnerability is available at Microsoft=92s Security Bulletin.
here:- click here
This malware also retrieves cached passwords and sends them to a specific email address and has the capability to terminate certain anti-virus
The worm runs on Windows 95, 98, NT, 2000, XP, and ME