Discovered: September 17, 2002
Updated: February 13, 2007 11:40:32 AM
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Appix.Worm is a worm that attempts to spread across file-sharing networks such as KaZaA and eDonkey2000. The worm infects PHP and PHTML files by appending code that is designed to infect other PHP, PHTML, HTM, and HTML files. It also uploads the W32.Appix.Worm to a client computer that visits the infected Web site. Also, W32.Appix.Worm contains it own SMTP client engine that permits it to replicate using email. The email may arrive with the following characteristics:
Subject: test23
Attachment: Test.scr (175,112 bytes or 176,128 bytes)
Due to buggy code some of the intended features of the worm are never executed. This may result in the display of error messages.
Protection
-
Initial Rapid Release version September 17, 2002
-
Latest Rapid Release version November 17, 2009 revision 033
-
Initial Daily Certified version September 17, 2002
-
Latest Daily Certified version November 17, 2009 revision 034
-
Initial Weekly Certified release date September 18, 2002
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Easy
Damage
Distribution
-
Distribution Level: Medium
Writeup By: Serghei Sevcenco