W32.Evaman.C@mm is a mass-mailing worm that sends HTTP Get requests to the Web site, email.people.yahoo.com, to obtain email addresses. It also retrieves the email addresses from Windows Address Book files and from the files with the extensions .adb, .asp, .cfg, .dbx, .dhtm, .eml, .htm, .html, .jse, .jsp, .mmf, .msg, .ods, .php, .pl, .sht, .shtm, .shtml, .tbb, .txt, .wab, and .xml.
W32.Evaman.C@mm uses its own SMTP engine to send itself to the email addresses that it finds.
The email will have one of these subjects:
- SN: New secure mail
- Secure delivery
- failed transaction
- Re: hello (Secure-Mail)
- Re: Extended Mail
- Delivery Status (Secure)
- Re: Server Reply
- SN: Server Status
This threat is compressed with UPX.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.