|Isolation||July 22, 2003|
|Point of isolation||Tacoma, Washington, United States|
|Point of origin||Woonsocket, Rhode Island, United States|
Upering Upering (alias "Annoyer.B", or "Sany") is a mass-mailing worm. It was isolated in Tacoma, Washington, in the United States, from several submissions from America Online members. As of late 2005, it is listed on the WildList, and has been since 2003.
A worm is a program that makes and facilitates he distribution of copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.
Mailing Worm(also known as an Email worm or less commonly known as an internet worm) distributes copies of itself in an infectious e-mail attachment. Often, these infected e-mails are sent to email addresses that the worm harvests from files on an infected computer.
Isolation Date July 22, 2003
Systems Affected Windows 2000, Windows Me, Windows XP, Windows 95
How it is spread
This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks. Uses social engineering tactics to entice the user into opening and executing the e-mail attachment. Upering spreads by sending itself to email addresses and instant message contacts in the AOL address book. Upering worm arrive as an attachment to an email or an instant message with the lines: HEY HERE'S MY PIC!!! ITS TO BIG TO SHOW IN MAIL CLICK DOWNLOAD NOW TO DOWNLOAD IT!
How to identify
It may arrive an email with an attachment named WinUpdate32Login.exe The filename could differ depending on the original filename of the worm on the system on which the email originated.
Sends an ICQ notification message to the creators of the worm sends itself to the contacts in the AOL address book, either by email or instant message. Adds the registry value
Recommendation on how to avoid Upering
Users can avoid infection by simply refusing to open any e-mail file attachments without first verifying its safety with the e-mail sender. By using a firewall to block all incoming connections from the internet services that should not be publicly available. By Enforcing a password policy. Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drive when not required. Turn off file sharing if needed.
Automatic action Once detected, the F-Secure Security product will automatically disinfect the suspect file by either deleting it or renaming it.
- http://www.wildlist.org WildList Organisation website
|This malware-related article is a stub. You can help Wikipedia by expanding it.|