New worm threatens files in Aust

Antivirus companies are warning of a damaging new e-mail worm, which, when activated, deletes all files on drives labelled D, E, F and G.

The new worm is not widespread yet, with MessageLabs, who call the worm W32/SfxDeth.A-MM, reporting four copies intercepted. Two of those copies originated in Australia from OptusNet addresses.

The worm, dubbed W32/Lagel.A by antivirus company Panda Software, arrives in an e-mail titled "Fwd: Crazy Illegal Sex" with an attachment called IlleGal.exe. If the file is executed, the worm creates four new files on the computer and runs a series of graphics implying the e-mail was simply a joke.

The files created are MPLAYER.EXE, which is run every time windows is started up, ILLEGAL.EXE, which contains the worm's code, MMAILS.DLL, which stores the e-mail addresses the worm obtains from the system, and SMTP.OCX, an application used to mail messages.

The body of the e-mail also contains the warning "If u have a weak heart I warn u DON'T see dis Clip". If you have a weak virus protection system, ZDNet Australia   advises you don't run executable files received in e-mails.

Advertisement

Talkback 2 comments

    The warning about the virus has any body told the antivirus companies ie symnantec. The reason I ask is when I had a look at there virus libary I got nothing about it. So I can assume from that that my virus scanner will not pick up the virus ?.Bob Bailey -- 06/12/02

    The warning about the virus has any body told the antivirus companies ie symnantec. The reason I ask is when I had a look at there virus libary I got nothing about it. So I can assume from that that my virus scanner will not pick up the virus ?.

    I was one of the unlucky people to have received the W32/Holar.c@MM virus. The virus overwrote .exe, .ini, .sys, .zip, .txt and a few other select files in the root directory and c:\windows directory plus a few other select directories with a 2Steve Martinez -- 06/12/02

    I was one of the unlucky people to have received the W32/Holar.c@MM virus.

    The virus overwrote .exe, .ini, .sys, .zip, .txt and a few other select files in the root directory and c:\windows directory plus a few other select directories with a 215k message. Because all the critical files were corrupt, I was unable to load Windows ME on my Compaq computer. A startup disk allowed me to access DOS and I was able to salvage some files. Than I had to delete my entire harddrive and start from scratch.

    THIS VIRUS IS MORE DAMAGING THAN WHAT IS BEING REPORTED BY MCAFEE.

Add your opinion


Latest Videos

Blogs

  • Chris Duckett PayPal launches Aussie developer program
    PayPal announced the opening of its certification program for Australian developers today, making Australia the first country outside of the US to offer certification.
  • Array Cash cow in a BigTinCan?
    Around one third of Australia's telcos have shut their doors over time, but that isn't stopping new ventures hoping to chip away at carriers' mobile call bonanza. By fighting carriers at the smartphone rather than the home phone, could the latest two contenders be onto something big?
  • Array A third of the way to a zettabyte
    This week on Twisted Wire we look at how internet usage is changing in Australia and around the world. How are we meeting this demand and how is the cost structure changing for the service provider?
  • More blogs »

Tags

Back to top

Featured