 |
W32/Peacomm.WT Worm
| Name |
W32/Peacomm.WT Worm |
| Aliases |
Email-Worm.Win32.Zhelatin.wq, Win32/Nuwar.D, Win32/Nuwar.CG, Troj/Dorf-BA, Win32/Sintun.DC |
| Discovered on |
April 01, 2008 |
 Virus Information - W32/Peacomm.WT Worm:
W32/Peacomm.WT is a worm. The worm will infect Windows systems and spreads through email.
The infected email carries a spoofed 'From' address picked up randomly from the infected system.
The subject of the infected email will be any one of the following:
 Gotcha!
Surprise!
Today's Joke!
All Fools' Day
April Fools' Day
Doh! All's Fool.
Doh! April's Fool.
Gotcha! All Fool!
Gotcha! April Fool!
Happy All Fools Day!
Happy All Fool's Day.
Happy All Fools!
Happy April Fools Day!
Happy April Fools!
Happy Fools Day!
I am a Fool for your Love
Join the Laugh-A-Lot!
Surprise! The joke's on you.
Today You Can Officially Act Foolish
Wise Men Have Learned More from Fools...
One who is sportively imposed upon by others on the first day of April
The body of the infected email will be any one of the following:
Happy All Fools! http://(Random IP)
All Fools' Day http://(Random IP)
I am a Fool for your Love http://(Random IP)
Gotcha! http://(Random IP)
Gotcha! April Fool! http://(Random IP)
Upon execution, the worm drops the following files:
aromis.exe in the Windows folder,
aromis.config in the Windows folder.
It alters the windows registry at the following location to load itself during next startup:
HKEY_USERS\(SID)\Software\Microsoft\Windows\CurrentVersion\Run\aromis
The worm also alters the Windows Time service.
|
