W32.Israz@mm

W32.Israz@mm is a mass-mailing worm that sends itself to all the contacts in the Windows Address Book.

The email has the following characteristics:

From: update@microsoft.com
Subject: Windows Update
Message:
Your file is attached to message.
For more information go to Windows Update http:/ /windowsupdate.microsoft.com
Attachment: Update.exe

From: update@microsoft.com
Subject: PS1
Message:
Your file is attached to message.
For more information go to Windows Update http:/ /windowsupdate.microsoft.com
Attachment: Q322593.exe

From: help@google.com
Subject: Update Your ToolBar
Message:
Your file is attached to message.
For more information go to Google home page http:/ /www.google.com
Attachment: ToolBar.exe

From: help@google.com
Subject: Auto Search Wizard
Message:
Your file is attached to message.
For more information go to Google home page http:/ /www.google.com
Attachment: Wizard.exe

From: copyright@yahoo-inc.com
Subject: Yahoo FAQ
Message:
Your file is attached to message.
For more information go to Yahoo home page http:/ /www.yahoo.com
Attachment: FAQ

From: copyright@yahoo-inc.com
Subject: Support For Search
Message:
Your file is attached to message.
For more information go to Yahoo home page http:/ /www.yahoo.com
Attachment: Support.exe

From: <the infected user's email address>
Subject: You must to see that
Message:
Your file is attached to message.
Attachment: Fun.exe

This worm spreads itself through the KaZaA file-sharing network and is written in the Microsoft C++ programming language.

NOTE: Definitions dated prior to July 11, 2003 may detect this threat as W32.Akosw@mm.