Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- October 7, 2003
- Updated:
- February 13, 2007 12:12:14 PM
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Valha@mm is a mass-mailing worm that retrieves email addresses from the Microsoft Outlook Inbox, Outbox, and address book. It uses Outlook to send itself to the email addresses it finds.
The email has the following characteristics:
Subject: A very funny game for you!
Attachment: Game.<%extension%>
Subject: If you need the latest patch...
Attachment:Patch.<%extension%>
Subject: The full updater!
Attachment:Update.<%extension%>
Subject: Program installer
Attachment:Installer.<%extension%>
Subject: The setup you needed
Attachment:Setup.<%extension%>
Subject: New Program
Attachment:Program.<%extension%>
Subject: Very useful utility!
Attachment:Utility.<%extension%>
Subject: This fix a lot of problems!
Attachment:BugFix.<%extension%>
Subject: Really cool Screen Saver!
Attachment:Screen_Saver.<%extension%>
Subject: Complete guide
Attachment:Guide.<%extension%>
Where <%extension%> is one of the following:
.com
.pif
.bat
.scr
.exe
The worm also attempts to spread through file-sharing networks, as well as mIRC and ICQ.
This threat is written in the Microsoft Visual C++ programming language and is compressed with UPX.
Antivirus Protection Dates
- Initial Rapid Release version October 8, 2003
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version October 8, 2003
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date October 8, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu
