W32.Appix.Worm

W32.Appix.Worm is a worm that attempts to spread across file-sharing networks such as KaZaA and eDonkey2000. The worm infects PHP and PHTML files by appending code that is designed to infect other PHP, PHTML, HTM, and HTML files. It also uploads the W32.Appix.Worm to a client computer that visits the infected Web site. Also, W32.Appix.Worm contains it own SMTP client engine that permits it to replicate using email. The email may arrive with the following characteristics:
Subject: test23
Attachment: Test.scr (175,112 bytes or 176,128 bytes)





Due to buggy code some of the intended features of the worm are never executed. This may result in the display of error messages.

Protection

• Initial Rapid Release version September 17, 2002
• Latest Rapid Release version November 17, 2009 revision 033
• Initial Daily Certified version September 17, 2002
• Latest Daily Certified version November 17, 2009 revision 034
• Initial Weekly Certified release date September 18, 2002

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Medium

Distribution

• Distribution Level: Medium