W32.Zoher@mm

Risk Level 2: Low

Printer Friendly Page

Discovered: December 24, 2001

Updated: February 13, 2007 11:37:54 AM

Also Known As: Sheer, I-Worm.Zoher, W32/Sheer.A-mm

W32.Zoher@mm is a worm that comes in an email message with a subject of "Fw: Scherzo!" and an attachment named Javascript.exe. The body of the email message contains a message in Italian.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or preview the message. Further information and a patch to remove the vulnerability can be found at

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

Protection

Initial Rapid Release version December 24, 2001
Latest Rapid Release version November 13, 2008 revision 048
Initial Daily Certified version December 24, 2001
Latest Daily Certified version January 20, 2009 revision 048
Initial Weekly Certified release date pending

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy

Damage

Damage Level: Low

Distribution

Distribution Level: High

Writeup By: JP Duan

Technical Details

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}

Learn more about Zero-Day / Operation Aurora / Hydraq