W32.Fourseman.B@mm

W32.Fourseman.B@mm is a mass-mailing worm that attempts to spread itself through email, mIRC, and file-sharing networks.

The email messages will have the following characteristics:
Subject: (One of the following)

• New update!
• Interesting file
• Update your system
• A windows patch
• Very important!
• Try this patch that i've found yesterday, it's very useful!
• This Windows update is very simple and powerful! It helped me a lot!
• Check out this program, it has a lot of functions!

Attachment: (One of the following)

• WinUpdate.exe
• WindowsPatch.exe
• Updater.exe
• WinTool.exe
• BugFixer.exe
• Upgrade_Installer.exe
• Microsoft_patch_7209.exe
• Porn_Downloader.exe
• Soccer game.exe
• WinBugsFixInstaller.exe
• AIM password stealer.exe
• Norton AntiVirus Crack.exe
• Easy_Crack_creator.exe
• Christina Aguilera fucked.exe
• Pamela Anderson Sex.exe
• Saddam-Alive.exe
• Bin Laden-The truth.exe
• Hotmail password stealer.exe
• RegCleaner_Setup.exe
• Visual Studio Guide.exe

W32.Fourseman.B@mm is written in Visual Basic and may be compressed with UPX.

NOTE: Definitions dated prior to June 16, 2003 will detect this threat as W32.HLLW.Cidas@mm.

Protection

• Initial Rapid Release version June 12, 2003
• Latest Rapid Release version January 16, 2009 revision 048
• Initial Daily Certified version June 12, 2003
• Latest Daily Certified version January 20, 2009 revision 048
• Initial Weekly Certified release date June 18, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Low

Distribution

• Distribution Level: High