Skip over global navigation links

APost

W32/APost Last Updated 9/05/01 10:34am

This worm arrives with the subject line:
As per your request!
The body of the email includes the text:
Please find attached file for your review.
I look forward to hear from you again very soon. Thank you.
The attachment is titled:
README.EXE

If the attachment is executed W32/APost copies itself to the WINDOWS directory, and then to the root of all local drives. W32/APost then ceates a registry to key run itself at startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
macrosoft=C:\WINDOWS\readme.exe
Next the worm sends itself out to every entry in the Microsoft Outlook Address Book. After sending itself out a pop up window appears:

Urgent

If this Open button is pressed then the worm sends out further copies of itself and then displays an error message:

Self Extractor

After OK is selected the worm terminates.

Do Not Open The Attachment!

This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.

Up to Top

This page last reviewed: September 12, 2008