You should be cautious when receiving an email like this:
An email with an attractive subject and content, accompanied by an attached file, is the typical pattern for spreading worms. You need to be prudent when receiving emails of unknown origin like this. Sometimes the email itself has no content at all, but its attached file raises curiosity with an attractive name. When you open the attachment, the malicious code is executed on your computer. The attacker can then steal sensitive information and control your computer for spamming or DDoS attacks.
Thus, you should be cautious when receiving new information and, at the same time, keep your antivirus software constantly updated.
Below is the detailed analysis of the worm:
· Name: W32.Winer.Worm
· Family: W32.Winer.Worm
· Type: Worm
· Discovered: November 06, 2009
· Size: 19Kb
· Severity: Medium
· Reduces system security level.
· Registry modified.
· Automatically sends spam emails.
· Spreads via email.
· Do not open unknown attachments, especially files with .exe, .com, .pif and .bat extensions.
· Drops the file "ifmq.kqo" into the %SysDir% folder.
· Downloads and installs backdoors on compromised computers.
· Modifies "Shell" value in key HKLM\...\Winlogon to activate virus at Windows start-up.
· Automatically sends spam with content taken from the server: http://126.96.36.199/li[removed]popo/bb.php?id=&v=200&tm=2&b=200
Analyst : Nguyen Cong Cuong
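The attachment advice above can be enforced at a mail gateway or in a mailbox triage script. The following is an added example, not part of the original analysis: it parses a raw message, flags attachments ending in the four extensions the advisory lists, and records whether the name carries more than one extension and whether the mail has no body text. The function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the advisory says not to open.
RISKY_EXTENSIONS = {".exe", ".com", ".pif", ".bat"}


def risky_attachments(raw_message: bytes) -> list:
    """Return one finding per attachment whose final extension is risky."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content().strip() if body is not None else ""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Windows ignores trailing dots and spaces, so drop them before checking.
        suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
        if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
            continue
        findings.append({
            "filename": name,
            "extension": suffixes[-1],
            # Heuristic: "photo.jpg.exe" hides the real type behind a benign one.
            "double_extension": len(suffixes) > 1,
            # The advisory notes that some of these mails have no content at all.
            "empty_body": body_text == "",
        })
    return findings


def build_sample(filename: str, body: str) -> bytes:
    """Constructed test message; not a captured sample of the worm's mail."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    if body:
        msg.set_content(body)
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_attachments(build_sample("holiday_photo.jpg.exe", "")))
```

A finding with both `double_extension` and `empty_body` set matches the lure described above most closely and is a reasonable candidate for quarantine rather than delivery.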