W32/Chet.A@mm

Download VIRUSfighter NOW
W32/Chet.A@mm Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 9/11/2002 • Type: Worm
• Virus characteristics first published: 9/11/2002 • Spreading mechanism: Email
• Virus characteristics latest update: 12/17/2003 • Overall risk: Low
• Alias: W32/Anniv911, Win32/Chet • Payload:
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal
Email characteristics:
  • Subject: All people!!
  • Body: Dear ladies and gentlemen!
    The given letter does not contain viruses and is not Spam.
    We ask you to be in earnest to this letter. As you know America and England have begun bombardment of Iraq, cause of its threat for all the world.
    It isn't the truth. The real reason is in money laundering and also to cover up traces
    after acts of terrorism on September, 11, 2001. Are real proofs of connection between Bush and Al-Qaeda necessary for you? Please! There is a friendly dialogue between Bin Laden and the secretary of a state security of USA in the given photos.

    (much more text omitted)

  • Attachment: 11september.exe
The worm sends itself over email to addresses found from the Windows address book and other sources.

The mail will appear to come from a Russian sender; these sender addresses are picked at random from a list.

When run, the worm will copy itself to the Windows System directory under the name SYNCHOST1.EXE, and will add a registry entry to load the file during startup.

It will also create an empty file called boot.txt in the root directory.
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter