Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- October 23, 2001
- Updated:
- February 13, 2007 11:37:30 AM
- Also Known As:
- W32/AntiWar
- Type:
- Worm, Virus
W32.Toal.A@mm is a mass-mailing email worm. The worm arrives as an attachment named Binladen_brasil.exe with a random subject line that makes a reference to the current situation in Afghanistan. The subject can be in a variety of different languages. The message body will be blank.
The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information on this, and a patch for the vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.
The worm creates Invictus.dll, which contains routines to infect executable files on the system and network drives. The worm also creates an open share on drive C.
This worm uses the file Invictus.dll to spread. Invictus.dll is detected by Norton AntiVirus as W32.Invictus.dll. This file is crucial to the propagation of the worm, and the worm may not function properly without it.
Antivirus Protection Dates
- Initial Rapid Release version October 23, 2001
- Latest Rapid Release version February 8, 2012 revision 003
- Initial Daily Certified version October 23, 2001
- Latest Daily Certified version February 8, 2012 revision 004
- Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Moderate
- Removal: Moderate
Damage
- Damage Level: Medium
Distribution
- Distribution Level: Medium
Writeup By: Andre Post
