W32.Blackmal.E@mm worm

January 17, 2006
aka: Kama Sutra, MyWife

The W32.Blackmal.E@mm worm is a mass e-mailing worm that attempts to spread itself through e-mail and unsecured network shares. This worm is designed to activate on an infected computer on the 3rd of every month and attempt to overwrite any files with the following extensions:

  • *.doc
  • *.xls
  • *.mdb
  • *.mde
  • *.ppt
  • *.pps
  • *.zip
  • *.rar
  • *.pdf
  • *.psd
  • *.dmp
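
To see which files should be backed up before the next activation date, the following added example (not part of the original advisory or any Symantec tool) inventories files with the extensions listed above and computes the next 3rd of the month. The function names and the directory passed on the command line are assumptions made for this illustration.

```python
import os
from datetime import date

# Extensions the advisory lists as overwrite targets.
TARGET_EXTENSIONS = {".doc", ".xls", ".mdb", ".mde", ".ppt", ".pps",
                     ".zip", ".rar", ".pdf", ".psd", ".dmp"}
TRIGGER_DAY = 3  # the advisory says the worm activates on the 3rd of every month


def next_trigger(today):
    """Return the next date (today included) on which the worm would activate."""
    if today.day <= TRIGGER_DAY:
        return today.replace(day=TRIGGER_DAY)
    if today.month == 12:
        return date(today.year + 1, 1, TRIGGER_DAY)
    return date(today.year, today.month + 1, TRIGGER_DAY)


def at_risk_files(root):
    """Walk root and return (path, size) for every file with a targeted extension."""
    found = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if os.path.splitext(name)[1].lower() in TARGET_EXTENSIONS:
                path = os.path.join(dirpath, name)
                try:
                    found.append((path, os.path.getsize(path)))
                except OSError:
                    continue  # file vanished or is unreadable; skip it
    return found


def summarize(files):
    """Group the inventory by extension: {ext: (count, total_bytes)}."""
    summary = {}
    for path, size in files:
        ext = os.path.splitext(path)[1].lower()
        count, total = summary.get(ext, (0, 0))
        summary[ext] = (count + 1, total + size)
    return summary


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    today = date.today()
    due = next_trigger(today)
    print(f"Next activation date: {due} ({(due - today).days} days away)")
    for ext, (count, total) in sorted(summarize(at_risk_files(root)).items()):
        print(f"{ext:5} {count:6} files {total:12} bytes")
```

Run it against a home directory or file share to size the backup that must complete before the reported date.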

Symptoms

The W32.Blackmal.E@mm worm attempts to disable any antivirus software you have installed on your computer. If you have Symantec AntiVirus Corporate Edition 10.0 or newer installed from VTnet 2005 or from this website, you may receive the following alert when the worm executes.




Removal

Symantec has released further information for this worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.e@mm.html

Symantec has also developed a removal tool available at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal@mm.removal.tool.html