From Wikipedia, the free encyclopedia
Jump to: navigation, search
Common name Upering
Technical name W32/Upering.A
Aliases Annoyer.B, Sany
Family N/A
Classification Computer worm
Type Mass-mailer
Subtype Win32 worm
Isolation July 22, 2003
Point of isolation Tacoma, Washington, United States
Point of origin Woonsocket, Rhode Island, United States
Author(s) kuZuper

Upering Upering (alias "Annoyer.B", or "Sany") is a mass-mailing worm. It was isolated in Tacoma, Washington, in the United States, from several submissions from America Online members. As of late 2005, it is listed on the WildList,[1] and has been since 2003.


A worm is a program that makes and facilitates he distribution of copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.

Mass-Mailing Worm

Mailing Worm(also known as an Email worm or less commonly known as an internet worm) distributes copies of itself in an infectious e-mail attachment. Often, these infected e-mails are sent to email addresses that the worm harvests from files on an infected computer.

Isolation Date July 22, 2003

Systems Affected Windows 2000, Windows Me, Windows XP, Windows 95

How it is spread

This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks. Uses social engineering tactics to entice the user into opening and executing the e-mail attachment. Upering spreads by sending itself to email addresses and instant message contacts in the AOL address book. Upering worm arrive as an attachment to an email or an instant message with the lines: HEY HERE'S MY PIC!!! ITS TO BIG TO SHOW IN MAIL CLICK DOWNLOAD NOW TO DOWNLOAD IT!

How to identify

It may arrive an email with an attachment named WinUpdate32Login.exe The filename could differ depending on the original filename of the worm on the system on which the email originated.


Sends an ICQ notification message to the creators of the worm sends itself to the contacts in the AOL address book, either by email or instant message. Adds the registry value

Recommendation on how to avoid Upering

Users can avoid infection by simply refusing to open any e-mail file attachments without first verifying its safety with the e-mail sender. By using a firewall to block all incoming connections from the internet services that should not be publicly available. By Enforcing a password policy. Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drive when not required. Turn off file sharing if needed.


Automatic action Once detected, the F-Secure Security product will automatically disinfect the suspect file by either deleting it or renaming it.


  1. ^ http://www.wildlist.org WildList Organisation website