W32.Ackantta.B@mm

Risk Level 2: Low

Discovered: February 25, 2009
Updated: March 4, 2009 7:46:58 PM
Also Known As: W32/Xirtem@MM!8b1f20b9 [McAfee]
Type: Worm
Infection Length: 266,240 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer and spreads by copying itself to removable drives and shared folders.

Note: As of February 25, 2009, Symantec began observing an increase in the number of Trojan.Vundo infections as a direct result of W32.Ackantta.B@mm.

For more information, please read the following:
Trojan.Vundo
Trojan.Awax
For Love or Money—Social Engineering by W32.Ackantta.B@mm

Protection

  • Initial Rapid Release version February 25, 2009 revision 036
  • Latest Rapid Release version October 22, 2009 revision 025
  • Initial Daily Certified version February 25, 2009 revision 039
  • Latest Daily Certified version October 22, 2009 revision 040
  • Initial Weekly Certified release date March 4, 2009

Threat Assessment

Wild

  • Wild Level: Medium
  • Number of Infections: 1000+
  • Number of Sites: 10+
  • Geographical Distribution: Medium
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: Medium
  • Payload: Spreads through email, removable drives and shared folders.
  • Large Scale E-mailing: Spams email.
  • Compromises Security Settings: Disables various security-related programs.

Distribution

  • Distribution Level: Medium
  • Subject of Email: Job offer from Coca Cola!; Thank you for your application; You have got a new E-Card from your friend!; You have received A Hallmark E-Card!
  • Name of Attachment: copy of your CV.zip, e-card.zip, job-application-form.zip, postcard.zip
  • Target of Infection: Removable drives and shared folders.

Writeup By: Jeong Mun