Worm/Letum.A - Worm

See also

Summary

Full description

Statistics

Virus:	Worm/Letum.A
Date discovered:	02/04/2006
Type:	Worm
In the wild:	Yes
Reported Infections:	Low
Distribution Potential:	Low
Damage Potential:	Low
Static file:	Yes
File size:	32.768 Bytes
MD5 checksum:	f7abbd19b9b4cf6ce7d261d6f1684a0e
VDF version:	6.34.00.127

General Method of propagation:
   • No own spreading routine

Aliases:
   • Symantec: MSIL.Letum.A@mm
   • Mcafee: MSIL/Letum.a@MM
   • Kaspersky: Email-Worm.MSIL.Letum.a
   • TrendMicro: WORM_LETUM.A
   • Sophos: W32/Letum-A
   • Bitdefender: Win32.Letum.A@mm

Platform / OS:
   • Windows XP

It displays the content of created pictorial files:

Files It copies itself to the following location:
• %randomly chosen directory%\Letum.exe

Registry The following registry key is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
• "Letum"="%paths to malware copies%\\Letum.exe"

The following registry key is added:

– [HKCU\Software\Retro]
• "Letum"="%paths to malware copies%\\Letum.exe"

Email It contains an integrated SMTP engine in order to send emails. A direct connection with the destination server will be established. The characteristics are described in the following:

From:
The sender of the email is the following:
• peter_ferrie@symantec.com

To:
– Email addresses found in specific files on the system.

Mailing Search addresses:
It searches the following file for email addresses:
• html

Avoid addresses:

MX Server:
It does not use the standard MX server.
It has the ability to contact the MX server:
• mail.primaryhost.org.uk

Miscellaneous Checks for an internet connection by contacting the following web site:
• msnews.microsoft.com:119

See a brief description here.

Description inserted by Alexandru Tudor on Mon, 10 Apr 2006 16:39 (GMT+1)
Description updated by Andrei Ivanes on Tue, 09 May 2006 14:03 (GMT+1)

» About Malware
» About Phishing
» Viruses In the Wild

« back