W32/Brid.A@mm
| W32/Brid.A@mm |
Destructivity:  Spreading:  Overall risk: 
|
| • Detected by virus detection files published: 11/6/2002 | • Type: Worm |
| • Virus characteristics first published: 11/6/2002 | • Spreading mechanism: Email |
| • Virus characteristics latest update: 12/17/2003 | • Overall risk: Medium |
| • Alias: W32/Braid.A, PE_BRID | • Payload: Installs virus |
| • Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista |
| Virus type |
Spreading mechanism |
Destructivity and payload |
Additional descriptions |
Detection and removal |
||||||||||
Email characteristics:
When executed, it will send itself to all users in the Outlook address book. It does this by contacting the mail server directly. When the worm spreads via email the user(s) may be infected by only previewing or opening the mail in Outlook/Outlook Express. This is accomplished using a known security hole "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment". Information and patch is available from: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp The security hole is a known issue with Internet Explorer versions 5.01 and 5.5 without SP2 . Users who have this configuration should apply the available patch. It installs several files to the hard disk - some which contain the worm itself, and some which contain a new variant of the FunLove virus. This variant of FunLove is very minor, and is detected and cleaned by NVC already. It will also modify the Registry in such a way as to start the worm from bootup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run regedit [systemdir]\regedit.exe |
||||||||||||||