You are here: silicon.com > Resources > White Papers

White Papers

W32.Maldal.D@mm (Symantec)

Overview Name: W32.Maldal.D@mm

Discovered on: December 29, 2001
Last Updated on: December 29, 2001 at 10:30:56 PM PST

W32.Maldal.D@mm was written and distributed on December 28th of 2001. The virus code is in Visual Basic. It is about 27KB in size packed with Aspack. The worm utilizes Outlook to spread itself to everybody in the Outlook address book.

Threat Assessment: Medium

Threat containment: Easy

Removal: Easy

Payload: Large scale e-mailing: Utilizes Outbook to mail everyone in the Outlook Address Book Deletes files: Attempts to delete antivirus software and files with the following extensions: .INI, .PHP, .EXE, .COM, .MPEG, .DAT, .ZIP, .TXT, .EXE, .XLS, .DOC,.JPG.

Causes system instability: Critical system files may have been deleted

Subject of email: ZaCker
Name of attachment: Name of infected
computer from which the worm
was sent.exe or ZaCker.exe

Size of attachment: 27Kbytes

Technical description: When executed the first time the worm will install itself as win.exe in the WINDOWS\SYSTEM directory. It will also add a registry entry modifing the RUN field by adding an entry named "system" that will point to the WIN.EXE file. This is to load the worm a second time. However in the majority of the cases the machine can not boot after the worm has been executed as explained later.

After this it will get the name of the machine. This is because the worm wants to send mails with a subject line that has the name of the computer. The actual attachment in the mail is an EXE file, the worm itself with the name of the machine such as mypc.exe. If executed again, the worm will use a subject "ZaCker" and an attachent called ZaCker.exe. This is because the worm renames the computer to "ZaCker".

Click through to the alert text for disinfection information.

Further White Paper Details
Publisher	Symantec	File Format	HTML
Date Published	December 2001	Downloads	3
Format	White Papers
Topics	N/A

Did you find this white paper useful?

Delivering Information in Real Time

Publisher:
IBM

IDC reports on Novell's Secure Desktop Solution: A Modern-Day Marriage of Business Benefit and Risk Reduction

Publisher:
Novell

Green IT: Reducing your Carbon Footprint with Citrix

Publisher:
Citrix Systems

A Day in a Low Carbon Life 2012

Publisher:
IBM

Does 802.11n deliver better wireless services for Enterprises?

Publisher:
Siemens

Worm alert: Maldal-I wriggling its way to an inbox near you...

The body text of the email is usually blank and the file name of the attachment is most likely to be PROGRAM.EXE. Both worms spread as an .exe attachment, and arrive in in-boxes with many different email subject lines.

Channel:
Security Strategy

Virus Alert: Shakira joins the chick-worm posse

If the user runs the attachment the message forwards itself to every name in the users' Microsoft Outlook address book. The worm arrives as an email with the subject line "Shakira Pics" and an attachment entitled "ShakiraPics.jpg.vbs".

Channel:
Security Strategy

Antivirus virus on the loose

It attempts to attach itself to all the .exe file in the Windows and C:\Program Files\Mirc\download folders, but due to bugs in the software may crash the computer or corrupt files in these folders. It is more usual to receive a hoax email claiming...

Virus warning: Latest worm exploits SARS fears

The Coronex worm uses a variety of subject lines, message bodies and attachment names to entice users into clicking including "Severe Acute Respiratory Syndrome", "SARS Virus" and Hongkong.exe. Called W32/Coronex the mass-mailing worm will infect...

Channel:
SME Director

Password-stealing Dumaru worm on the loose

The name of the unzipped file includes a large number of spaces to hide the final .exe and to make it look, at a glance, like a JPEG graphic. Such systems often block .exe files, but usually allow .zip files through.

Channel:
Security Strategy

Virus warning: Multilingual anti-firewall worm found

EXE.or Com attachments, and according to F-Secure, the worm "terminates all applications that have 'firewall' or 'virus' in their file-name". Zafi.B copies itself to the Windows System Directory when activated, and replicates itself as either...

Channel:
Malware

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

White Papers

W32.Maldal.D@mm (Symantec)

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific