||||
Symantec.com > Security Response > Threats and Risks > W32.Israz@mm
PRINT THIS PAGE

W32.Israz@mm

Risk Level 2: Low

Printer Friendly Page

Discovered: July 2, 2003
Updated: February 13, 2007 12:03:22 PM
Also Known As: W32.Akosw@mm, Win32.Israz.A [CA], W32/Israz.worm [McAfee], Worm_Israz.A [Trend], W32/Israz-A [Sophos], I-Worm.Israz [KAV]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


W32.Israz@mm is a mass-mailing worm that sends itself to all the contacts in the Windows Address Book.

The email has the following characteristics:

From: update@microsoft.com
Subject: Windows Update
Message:
Your file is attached to message.
For more information go to Windows Update http:/ /windowsupdate.microsoft.com
Attachment: Update.exe

From: update@microsoft.com
Subject: PS1
Message:
Your file is attached to message.
For more information go to Windows Update http:/ /windowsupdate.microsoft.com
Attachment: Q322593.exe

From: help@google.com
Subject: Update Your ToolBar
Message:
Your file is attached to message.
For more information go to Google home page http:/ /www.google.com
Attachment: ToolBar.exe

From: help@google.com
Subject: Auto Search Wizard
Message:
Your file is attached to message.
For more information go to Google home page http:/ /www.google.com
Attachment: Wizard.exe

From: copyright@yahoo-inc.com
Subject: Yahoo FAQ
Message:
Your file is attached to message.
For more information go to Yahoo home page http:/ /www.yahoo.com
Attachment: FAQ

From: copyright@yahoo-inc.com
Subject: Support For Search
Message:
Your file is attached to message.
For more information go to Yahoo home page http:/ /www.yahoo.com
Attachment: Support.exe

From: <the infected user's email address>
Subject: You must to see that
Message:
Your file is attached to message.
Attachment: Fun.exe

This worm spreads itself through the KaZaA file-sharing network and is written in the Microsoft C++ programming language.

NOTE: Definitions dated prior to July 11, 2003 may detect this threat as W32.Akosw@mm.

Protection

  • Initial Rapid Release version July 3, 2003
  • Latest Rapid Release version July 19, 2008 revision 019
  • Initial Daily Certified version July 3, 2003
  • Latest Daily Certified version January 20, 2009 revision 048
  • Initial Weekly Certified release date July 8, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: High

Writeup By: Yana Liu
Search by name
Example: W32.Beagle.AG@mm
Learn more about Zero-Day / Operation Aurora / Hydraq
Symantec DeepSight Screensaver
©1995 - 2010 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS