Home Networking, Debunking the Mystery W32.Klez.H@mm Worm Raised to Level 3 Threat Bill Gates to Testify Monday Satellite Broadband Given Thumbs Up Interplanetary Internet, a JPL initiative DCISOC and CIT Future of the Internet Series Microsoft Win Hardware Engineering Conference (WinHEC) Modular PC announced at WinHEC Xbox to Lower Prices in Europe and Australia Nomad Jukebox 3 CyberBus on University of California, San Diego (UCSD) CyberPlane demonstrated by Inmarsat Stratford News
Threat type characterized either as highly wild (but reasonably harmless and confinable) or potentially dangerous (and uncontainable) if released into the wild.
Wild: High or
Damage: High and Distribution: High
Payload: This worm infects executables by creating a hidden copy of the original host file and then overwriting the original file with itself. The hidden copy is encrypted, but contains no viral data. The name of the hidden file is the same as the original file, but with a random extension. Attempts to disable Virus Protection software.
Large scale e-mailing: This worm searches the Windows address book, the ICQ database, and local files for e-mail addresses. The worm sends an e-mail message to these addresses with itself as an attachment.
Releases confidential info: Worm randomly chooses a file from the machine to send along with the worm to recipients. So files with the extensions: ".mp8" or ".txt" or ".htm" or ".html" or ".wab" or ".asp" or ".doc" or ".rtf" or ".xls" or ".jpg" or ".cpp" or ".pas" or ".mpg" or ".mpeg" or ".bak" or ".mp3" or ".pdf" would be attached to e-mail messages along with the viral attachment.