Win32.Apost.A@mm
First posted on 21 November 2011.
Source: BitDefender
Aliases :
Win32.Apost.A@mm is also known as I-Worm.Apost.
Explanation :
This virus is an Internet Worm working on Windows systems. It spreads through e-mails as an attached file and is activated when the user executes the attachment.
When executed, the virus copies itself to the root of every drive (including floppy disks) under the name readme.exe. It also copies itself to the Windows directory and sets the following registry key so that it is executed at every startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\macrosoft with the value %windir%\readme.exe, where %windir% is C:\Windows or C:\Winnt.
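A host check for the two artifacts described above, as an added example that is not BitDefender's code: it looks for a Run value named macrosoft in every loaded user hive and for readme.exe in the Windows directory and each drive root. The function name Find-ApostArtifact and the output fields are assumptions; readme.exe is a common file name, so a file hit on its own is a lead to triage, while a hit on the Run value is the stronger signal.

```powershell
# Added example. "macrosoft" and "readme.exe" come from the description above;
# the function name and output fields are illustrative assumptions.
function Find-ApostArtifact {
    $runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

    # 1. Persistence: a Run value named "macrosoft" in any loaded user hive.
    #    HKCU only covers the current user, so walk HKEY_USERS instead.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }
    foreach ($hive in $hives) {
        $keyPath = "Registry::$($hive.Name)\$runSubKey"
        $entry = Get-ItemProperty -Path $keyPath -Name 'macrosoft' -ErrorAction SilentlyContinue
        if ($null -ne $entry) {
            [pscustomobject]@{
                Artifact = 'RunValue'
                Location = "$($hive.Name)\$runSubKey\macrosoft"
                Detail   = $entry.macrosoft
            }
        }
    }

    # 2. Dropped copies: readme.exe in %windir% and in the root of each drive.
    $candidates = @(Join-Path -Path $env:windir -ChildPath 'readme.exe')
    $candidates += Get-PSDrive -PSProvider FileSystem |
        ForEach-Object { Join-Path -Path $_.Root -ChildPath 'readme.exe' }
    foreach ($path in $candidates) {
        # Test-Path returns $false for drives that are not ready (empty floppy/CD).
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path -Force   # -Force: include hidden files
            $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256
            [pscustomobject]@{
                Artifact = 'File'
                Location = $file.FullName
                Detail   = "size=$($file.Length) sha256=$($hash.Hash)"
            }
        }
    }
}

Find-ApostArtifact | Format-Table -AutoSize -Wrap
```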
After this, it uses MAPI (Mailing Application Programming Interface) to send an e-mail to every contact in the user's Address Book and sets Outlook to erase these messages after they are sent.
The mail looks like this:
Subject: As per your request!
Body:
Please find attached file for your review.
I look forward to hear from you again very soon. Thank you.
Attachment: readme.exe
An example of this type of e-mail is:
After this spreading routine, the virus displays the following window, waiting for the user to click the button Open:
When the user clicks the button, it shows a fake error message:
The virus also runs the spreading routine again, copying itself and sending the e-mails again.
Last update 21 November 2011