Maldal.I: The spawn of Zacker strikes again

By Robert Vamosi
February 25, 2002
URL: http://www.zdnet.com.au/news/security/soa/Maldal-I-The-spawn-of-Zacker-strikes-again/0,130061744,120263669,00.htm


Another member of the Maldal worm family makes its début on the Internet.

Yet another variant of the prolific Maldal worm family is loose on the Internet. Maldal.I (w32.maldal.i@mm) is written in Visual Basic and is 23,552 bytes long. Like its cousin Reeezak, this latest version degrades the infected system's overall performance by littering the hard drive with copies of itself. Because Maldal.I mass-mails itself but does not delete data on infected computers, this worm ranks a 4 on the ZDNet Virus Meter.

How it works
Maldal.I arrives as e-mail with one of the following subject lines:

Fwd: Remember our survivors
Fwd: The demand of sex...where does it lead us to?
Fwd: Say 'I Love You' in 300 languages
Fwd: WoOoOoOow
Fwd:Wow , We are the same !
Fwd: [Muzicana-Group] Download what you want
Zakia Zakaria & Najati :P
Take a picture for your self (Don't be mad its only a joke)
Fwd:Is there any true love ?
Fwd:Have u ever seen your face?! (Funny)
Fwd:Against the power of women
Fwd:Fwd:If you care about your wife
Fwd:Say 'I Love You' in 300 languages
Fwd:Send it to every body you love ;)
Re:Fwd:Romantic Day
Fwd: Let's Dance & forget pains
Fwd:Loneliness ...
Fwd: [sex-is] HoT MoVies
Fwd: [SpanishGirlsGroup] Hola ...
Fwd: [LsbianLovers-group] Lick my asshole
Fwd:[Anal-sex-team] OOOH Faster
Fwd: [PussyLand-egroup] How sweet...
Fwd: [DrFun-egroup] Let's Laugh
Fwd: [FuNnY-egroup]Hehehehehe damn
Fwd: [SexyGurls-egroup] Raping a little gir
Fwd: [Scr-News-egroup] Have u ever seen BLOOD
Fwd: [Yabdoo-egroup]For HaCkers Lovers
Fwd: [Jews-egroup] Sharoon Owns The World
Fwd: [FunMaiL-group]Bush under bin laden's cock !!!
Fwd: [Teen-egroup] Three Ways For Love
Fwd: [RomanticLife-group] Learn How To Love ...
Fwd: [Gays-egroup]Oh Shittttt
Fwd:Remember our survivors
Fwd: [JewsFood-egroup] Dogs Meat !!!
Fwd: [PianoMoZart-egroup] Wow Romantic
Fwd:Tonight is... The Night Of Sex
Fwd: Are you looking for FUN !!!?
Fwd: [PussyPiss-egroup] Piss On my face :O
Fwd: [Finance-group] Do you wanna be a rich man?
Fwd:
Fwd: [lovedreams-egroup] love speaks from the heart ...
Fwd:Change your life with Dr.Jobreee
Fwd: [TeroNews-Group] Too Late ... Bin Laden has been killed
Fwd: [Pc.CLup-Group] Learn how to deal with DOS
Fwd:[RapingTeen-eGroup] Oh My God !!!
Fwd: The rights of women !!!

The body of the e-mail is blank, and the attached file can be program.exe, (system name).pif, or (random name).pif.
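The combination described above (a known subject line, a blank body and a .pif or .exe attachment) is easy to check for at a mail gateway. The following is an added example, not code from the ZDNet article or from any antivirus vendor: it builds a constructed MIME message that mimics the worm's carrier, then classifies it with the Python standard library's email package. The subject list is only a sample of the subjects given above, and the attachment bytes are placeholder data, not the worm.

```python
"""Flag Maldal.I-style carrier messages: worm subject, blank body, PIF/EXE attachment.

Added example for the article; not vendor or ZDNet code. Standard library only.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# Executable attachment types Outlook's E-mail Security Update refuses to open.
# Maldal.I uses .exe and .pif; the rest are common carriers of the same era.
BLOCKED_EXTENSIONS = {".pif", ".exe", ".scr", ".bat", ".com", ".vbs"}

# A sample of the subject lines the article attributes to Maldal.I.
MALDAL_SUBJECTS = {
    "Fwd: Remember our survivors",
    "Fwd: WoOoOoOow",
    "Take a picture for your self (Don't be mad its only a joke)",
    "Fwd:Is there any true love ?",
}


def attachment_names(msg: EmailMessage):
    """Yield every part filename, whatever MIME type the sender claimed."""
    for part in msg.walk():
        name = part.get_filename()
        if name:
            yield name


def classify(raw: str) -> dict:
    """Return the indicators found in a raw RFC 822 message; {} means clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = {}

    subject = (msg["Subject"] or "").strip()
    if subject in MALDAL_SUBJECTS:
        findings["subject"] = subject

    # Extension check is case-insensitive: "PROGRAM.EXE" must not slip past.
    bad = [n for n in attachment_names(msg)
           if os.path.splitext(n)[1].lower() in BLOCKED_EXTENSIONS]
    if bad:
        findings["attachments"] = bad

    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content().strip() if body is not None else ""
    if bad and not body_text:
        findings["blank_body"] = True      # the worm never writes a body

    return findings


def build_carrier() -> str:
    """Constructed message shaped like the article's description (not real malware)."""
    msg = EmailMessage()
    msg["Subject"] = "Fwd: WoOoOoOow"
    msg["From"] = "victim@example.com"
    msg["To"] = "friend@example.com"
    msg.set_content("")                               # blank body
    msg.add_attachment(b"MZ" + b"\x00" * 62,          # placeholder bytes only
                       maintype="application", subtype="octet-stream",
                       filename="program.exe")
    return msg.as_string()


def build_clean() -> str:
    """Constructed benign message with a harmless attachment name."""
    msg = EmailMessage()
    msg["Subject"] = "Minutes from Tuesday"
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg.set_content("Attached as discussed.")
    msg.add_attachment(b"hello", maintype="text", subtype="plain",
                       filename="minutes.txt")
    return msg.as_string()


if __name__ == "__main__":
    print(classify(build_carrier()))
    print(classify(build_clean()))
```

Matching on the subject list alone is weak, since the worm's authors change it from variant to variant; the attachment-type rule is the durable part and is the same rule the Outlook Security Update enforces client-side.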

If the attached file is opened, Maldal.I first harvests e-mail addresses from Web pages cached on the infected user's hard drive and from the Microsoft Outlook address book, then sends copies of itself to every address it found. Maldal.I then displays a black background with red text on the desktop that reads:

"Sorry you have not registered Please contact us (phone numbers, email addresses and instructions on how to subscribe follows)."

Maldal.I also drops several files, adding ZaCker.pif to both the Windows and System directories and hide.pif to the Windows directory. In addition, Maldal.I places in each directory it touches a PIF copy named after that directory, so the Windows directory will contain a file named Windows.pif.

The worm then creates several values under the Registry Run key that point to these PIF files scattered across the hard drive. Each value is named after the directory the PIF file was dropped in. For example, the System\system.pif file is registered as HKLM\Software\Microsoft\Windows\CurrentVersion\Run, value name "system", data "System\system.pif".
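That naming pattern (a Run value whose name equals the parent directory of a .pif it launches) is a usable indicator during triage. The following is an added example, not from the article or any vendor's removal tool: it parses the text that `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` prints on a Windows machine and flags values matching the pattern. The `reg query` output below is constructed for the demo, with two ordinary Run entries mixed in so the check can be seen ignoring them; it does not look at the files on disk.

```python
"""Find Maldal.I-style persistence in a `reg query` dump of the Run key.

Added example for the article; not ZDNet or vendor code. Standard library only.
"""
import ntpath
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed `reg query` output (not from a real infection). reg.exe separates
# columns with runs of spaces; value names may themselves contain single spaces.
SAMPLE_REG_QUERY = RUN_KEY + r"""
    SystemTray    REG_SZ    SysTray.Exe
    ScanRegistry    REG_SZ    C:\WINDOWS\scanregw.exe /autorun
    system    REG_SZ    System\system.pif
    Windows    REG_SZ    Windows\Windows.pif
    Program Files    REG_SZ    Program Files\Program Files.pif
"""

# name = lazy match up to the first run of 2+ spaces, so "Program Files" survives.
_VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s+(?P<data>.*)$")


def parse_reg_query(output: str):
    """Return (value_name, reg_type, data) for each value line in reg query output."""
    entries = []
    for line in output.splitlines():
        m = _VALUE_RE.match(line)
        if m:
            entries.append((m["name"], m["type"], m["data"].strip()))
    return entries


def maldal_suspects(entries):
    """Return (value_name, target, reason) for Run values that look like the worm's."""
    hits = []
    for name, _reg_type, data in entries:
        target = data.strip().strip('"')
        if not target.lower().endswith(".pif"):
            continue                       # normal Run entries start EXEs, not PIFs
        # ntpath handles backslashes regardless of the host running this script.
        parent_dir = ntpath.basename(ntpath.dirname(target))
        if parent_dir and parent_dir.lower() == name.lower():
            reason = "pif named after its directory; value name equals that directory"
        else:
            reason = "pif launched from Run key"
        hits.append((name, target, reason))
    return hits


if __name__ == "__main__":
    for name, target, reason in maldal_suspects(parse_reg_query(SAMPLE_REG_QUERY)):
        print(f"{name!r} -> {target} ({reason})")
```

A PIF started from the Run key is suspicious on its own; the directory-name match is what ties it to this family rather than to some other dropper. On a live machine, remove the values only after the files they point to have been quarantined, otherwise the next logon recreates the infection.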

Five minutes after being run, the worm may display a black background with the following text in red letters:

ZaCker Is N YoUr MaChiNe

Prevention
Microsoft Outlook 2002, and Outlook 2000 with the Outlook E-mail Security Update installed, refuse to open PIF attachments, so users of those versions are protected from the attachment that spreads Maldal. Users who have not upgraded to Outlook 2002 or who have not installed the Security Update for Outlook 2000 should do so. In general, do not open attached files in e-mail without first saving them to disk and scanning them with updated antivirus software. Contact your antivirus vendor to obtain the most current signature files, and confirm they include Maldal.I.

Removal
Most antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and, in some cases, will remove an active infection from your system. For more information, see McAfee, Norman, Sophos, Symantec, and Trend Micro.
