W32.Vote.K@mm

W32.Vote.K@mm is a mass-mailing worm that overwrites and deletes numerous files on an infected system. The worm uses Microsoft Outlook to send itself to all the contacts in Outlook Address Book and attempts to spread through the KaZaA file-sharing network. The email has the following characteristics:
Subject: THE WAR HAS STARTED !
Attachment: WTC32.scr

When W32.Vote.K@mm is executed, it displays a message titled "WORLD TRADE CENTER." The worm also attempts to overwrite .com, .exe, .scr, .bmp, .jpg, .mp3, .mpg, .rar, .wav, and .zip files with a copy of itself.

This worm is written in the Microsoft Visual Basic programming language.

NOTE: Definitions dated September 8, 2003 or earlier may detect this threat as Bloodhound.W32.VBWORM.

Protection

• Initial Rapid Release version September 8, 2003
• Latest Rapid Release version August 20, 2008 revision 017
• Initial Daily Certified version September 8, 2003
• Latest Daily Certified version January 20, 2009 revision 048
• Initial Weekly Certified release date September 10, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: High

Distribution

• Distribution Level: High