W32.Jonbarr.D@mm

W32.Jonbarr.D@mm, which is a variant of the W32.Jonbarr@mm worm, is a mass-mailing worm that uses its own SMTP engine to send itself to all the email addresses it finds in the .htm files and in temporary Internet files. Additionally, the worm attempts to terminate the processes of various antivirus programs.

The email has the following characteristics:

Subject:
Microsoft Windows Patch
or
Re:hya
From: "Microsoft" <support@microsoft.com>
Reply-To: "Microsoft" <microsoft@microsoft.com>
Message: Please open the attachment if want to get supprise!
Attachment: install.exe

When the attachment is opened, W32.Jonbarr.D@mm displays the message:

Happy Birthday My!

Merdeka!

W32.Jonbarr.D@mm is written in the Microsoft C++ programming language and is compressed with UPX.

Protection

• Initial Rapid Release version September 5, 2003
• Latest Rapid Release version August 20, 2008 revision 017
• Initial Daily Certified version September 5, 2003
• Latest Daily Certified version August 20, 2008 revision 016
• Initial Weekly Certified release date September 10, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Medium

Distribution

• Distribution Level: High