There aren't any obvious symptoms of this malware, except increased internet activity.

Removal instructions:

Please let BitDefender delete your malware files.

Analyzed By

Vlad Constantin Ilie, virus researcher

Technical Description:

The trojan reads a custom script from http://[BLOCKED]/wemail/index.php and tries to interpret it.
The script provides the following main actions:
- log on to an existing email account (@hotmail, @yahoo or @30gigs);
- read from http://[BLOCKED]/base.php encoded information about an email to send (To:, Cc:, Subject:, Body:);
- decode the email and send it;
- try to create a new email account (@hotmail, @30gigs, @google).
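
One way to hunt for the fetch sequence described above in web proxy logs, added here as an example and not taken from Bitdefender's analysis: it flags clients that request `/wemail/index.php` and then `/base.php` within a short window. The log format, the 10-minute window, the `.example` hosts and the client addresses are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Paths come from the description above; the hosts are redacted there.
SCRIPT_PATH = "/wemail/index.php"
JOB_PATH = "/base.php"
WINDOW = timedelta(minutes=10)  # assumption: correlation window

# Constructed proxy log. Assumed format: "<ISO time> <client> <method> <url>"
SAMPLE_LOG = """\
2007-07-04T17:40:01 10.0.0.5 GET http://ctl.example/wemail/index.php
2007-07-04T17:40:09 10.0.0.5 GET http://ctl.example/base.php
2007-07-04T17:41:00 10.0.0.7 GET http://intranet.example/base.php
2007-07-04T17:45:30 10.0.0.9 GET http://ctl.example/wemail/index.php
2007-07-04T18:30:00 10.0.0.9 GET http://ctl.example/base.php?x=1
2007-07-04T18:31:00 10.0.0.5 GET http://ctl.example/base.php
malformed line
"""


def parse(line):
    """Return (time, client, host, path), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        url = urlsplit(parts[3])
    except ValueError:
        return None
    return ts, parts[1], url.hostname or "-", url.path


def suspicious_clients(log_text):
    """Map clients that fetched the script, then the job URL within WINDOW, to the job hosts."""
    events = sorted(filter(None, map(parse, log_text.splitlines())), key=lambda e: e[0])
    last_script = {}          # client -> time of its latest script fetch
    hits = defaultdict(set)   # client -> hosts that served the job URL
    for ts, client, host, path in events:
        if path == SCRIPT_PATH:
            last_script[client] = ts
        elif path == JOB_PATH and client in last_script:
            if ts - last_script[client] <= WINDOW:
                hits[client].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}


if __name__ == "__main__":
    for client, hosts in suspicious_clients(SAMPLE_LOG).items():
        print(client, "->", ", ".join(hosts))
```

Both paths are common names on unrelated sites, so a hit is a lead for triage on the flagged client rather than a verdict.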

Email accounts have one of the following patterns:
- <Name1><RandNo1><Name2><RandNo2> -
- <Name1><Name2><RandNo> -
- <Name1><Name2> -

Examples of emails sent:
Subject: many RX its
Date: Wed, 4 Jul 2007 17:42:06 +0000

if The most used,medical,products 4 you

Dont waste U chance visit: http://[BLOCKED]

what Djibouti now that itself Tanisha except Melody no one Alvarez
along Ava since inside out of Chacon whether...or Marsha under Nellie
because Holliday your when Boyd its Samuel everything Dick

Subject: itsPILLZ Wise
Date: Thu, 5 Jul 2007 13:53:40 +0000

R!se and sh!ne!

myself Canadian phaaarmaaaacy for you!

Check it: http://[BLOCKED]

behind Kelvin after they Medeiros theirs Villarreal along, Alston
among Angelita, mine its Marino!! after Sherry you Garland
off Malawi nor if