Computer Crime Research Center

Lagel worm wipes files

(by James Pearce)

All data on drives labelled D, E, F and G is at risk from a new worm doing the rounds in Australia

Antivirus companies are warning of a damaging new e-mail worm, which, when activated, deletes all files on drives labelled D, E, F and G.

The new worm is not widespread yet, with email screening firm MessageLabs, who call the worm W32/SfxDeth.A-MM, reporting four copies intercepted. Two of those copies originated in Australia from OptusNet addresses.

The worm, dubbed W32/Lagel.A by antivirus company Panda Software, arrives in an e-mail titled "Fwd: Crazy Illegal Sex" with an attachment called IlleGal.exe. If the file is executed, the worm creates four new files on the computer and runs a series of graphics implying the e-mail was simply a joke.

The files created are MPLAYER.EXE, which is run every time windows is started up, ILLEGAL.EXE, which contains the worm's code, MMAILS.DLL, which stores the e-mail addresses the worm obtains from the system, and SMTP.OCX, an application used to mail messages.

The body of the e-mail also contains the warning "If u have a weak heart I warn u DON'T see dis Clip". If you have a weak virus protection system, ZDNet advises you don't run executable files received in e-mails.

Source: news.zdnet.co.uk

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907
contacts@crime-research.org

Rambler's Top100 Rambler's Top100