Discovered: December 20, 2001
Updated: February 13, 2007 11:46:56 AM
Also Known As: I-Worm.Welyah, W32/Shoho.a@MM, W32/Shoho.b@MM, W32/Shoho.c@MM
Type: Worm
W32.Shoho@MM is a mass mailing worm that is written in Visual Basic. It sends itself as the attachment "Readme.txt (many blank spaces) .pif"
This worm also uses the IFRAME vulnerability that allows Microsoft Outlook to execute the attachment automatically. There are three variants of this worm. All are detected as W32.Shoho@mm.
Protection
-
Initial Rapid Release version December 21, 2001
-
Latest Rapid Release version July 19, 2008 revision 019
-
Initial Daily Certified version December 21, 2001
-
Latest Daily Certified version January 20, 2009 revision 048
-
Initial Weekly Certified release date pending
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Easy
Damage
Distribution
Writeup By: JP Duan
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
