1. Symantec/
  2. Security Response/
  3. W32.Jonbarr.D@mm


Risk Level 2: Low

September 5, 2003
February 13, 2007 12:07:01 PM
Also Known As:
W32/Pepex@MM [McAfee]
Systems Affected:

W32.Jonbarr.D@mm, which is a variant of the W32.Jonbarr@mm worm, is a mass-mailing worm that uses its own SMTP engine to send itself to all the email addresses it finds in the .htm files and in temporary Internet files. Additionally, the worm attempts to terminate the processes of various antivirus programs.

The email has the following characteristics:

Microsoft Windows Patch
From: "Microsoft" <support@microsoft.com>
Reply-To: "Microsoft" <microsoft@microsoft.com>
Message: Please open the attachment if want to get supprise!
Attachment: install.exe

When the attachment is opened, W32.Jonbarr.D@mm displays the message:

Happy Birthday My!


W32.Jonbarr.D@mm is written in the Microsoft C++ programming language and is compressed with UPX.

Antivirus Protection Dates

  • Initial Rapid Release version September 5, 2003
  • Latest Rapid Release version October 26, 2017 revision 038
  • Initial Daily Certified version September 5, 2003
  • Latest Daily Certified version October 27, 2017 revision 003
  • Initial Weekly Certified release date September 10, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yuhui Huang

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube