i-worm.gismo
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
I-Worm.Gismor
This is the worm virus spreading via the Internet being attached to infected emails. The worm itself is Windows PE EXE file about 8Kb of length written in Assembler.
The infected messages have following fields:
Mail From: < Gismo@gmx.de >
From: MP3 Deluxe
To: My best friends
Subject: Phenomenal
Body: body is empty
Attach: MP3Player.exe
To run from infected message the worm uses IFrame security breach. The worm then installs itself to the system and runs spreading routine.
While installing the worm copies itself to Windows system directory with the SSMS.EXE name and registers this file in system registry auto-run key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
To send infected messages the worm uses direct connection to default SMTP server, or to "mail.gmx.net" server.
To get victims' email addresses the worm uses Windows MAPI functions and reads emails from email boxes.
Copyright @2006 i-worm.gismo