English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

ホームDescriptionsEmail-Worm.Win32.Runouce.b

Email-Worm.Win32.Runouce.b

Detected May 14 2009 01:16 GMT
Released May 14 2009 05:19 GMT

There is currently no description for this program

If you’d like to find out more about how programs of this type function, please read about the general behavior of programs in the same class or sub-class (see right).

Because many programs of this type are slight modifications of older versions, the descriptions for these older versions may be of interest. Links to any available descriptions are displayed under the general description on the right of the screen.

If you can’t find a suitable description on our site, you can get more help from the Contact Us section.

Print
Bookmark and Share
Share
Viruses and worms
Email-Worm

Email-Worms spread via email. The worm sends a copy of itself as an attachment to an email message or a link to its file on a network resource (e.g. a URL to an infected file on a compromised website or a hacker-owned website).

In the first case, the worm code activates when the infected attachment is opened (launched). In the second case, the code is activated when the link to the infected file is opened. In both case, the result is the same: the worm code is activated.

Email-Worms use a range of methods to send infected emails. The most common are:

  • using a direct connection to a SMTP server using the email directory built into the worm’s code
  • using MS Outlook services
  • using Windows MAPI functions.

Email-Worms use a number of different sources to find email addresses to which infected emails will be sent:

  • the address book in MS Outlook
  • a WAB address database
  • .txt files stored on the hard drive: the worm can identify which strings in text files are email addresses
  • emails in the inbox (some Email-Worms even “reply” to emails found in the inbox)

Many Email-Worms use more than one of the sources listed above. There are also other sources of email addresses, such as address books associated with web-based email services.


Other versions
Email-Worm.Win32.Runouce.a

別名

Email-Worm.Win32.Runouce.b (Kaspersky Lab) は以下の名称でも知られています:

  • I-Worm.Runouce.b (Kaspersky Lab)
  • Virus: W32/Chir.b@MM (McAfee)
  • W32/Chir-B (Sophos)
  • Worm.Runouce.b (ClamAV)
  • W32/Chir.B (Panda)
  • W32/Thecid.B@mm (FPROT)
  • Virus:Win32/Chir.B@mm (MS(OneCare))
  • Win32.Runonce.6652 (DrWeb)
  • Win32/Chir.B worm (Nod32)
  • Win32.Runouce.B@mm (BitDef7)
  • JS.Chir.B (VirusBuster)
  • Win32:Runonce [Trj] (AVAST)
  • Email-Worm.Win32.Runouce (Ikarus)
  • I-Worm/Sober (AVG)
  • W32/Chir.B (AVIRA)
  • W32.Chir.B@mm (NAV)
  • W32/Chir.C (Norman)
  • Worm.ChineseHacker-2.a (Rising)
  • Email-Worm.Win32.Runouce.b [AVP] (FSecure)
  • PE_Chir.B-O (TrendMicro)
  • Win32.chir.b (v) (Sunbelt)
  • JS.Chir.B (VirusBusterBeta)

© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

分析

Blog

Descriptions

用語集

RSS feeds

Contacts

Search