Description published Jun 02, 2006 | Description updated Mar 23, 2007


Alert level: High

Detected with Windows Defender Antivirus

Also detected as: W32.Chir.B@mm (Symantec), W32/Chir.b@mm (McAfee), WORM_CHIR.B (Trend Micro)

Win32/Chir.B@mm is both a network and e-mail worm, as well as a virus. The e-mail worm component sends a copy of itself as an e-mail attachment to addresses that it finds on local and remote drives.

Win32/Chir.B@mm also exploits the Incorrect MIME Header vulnerability discussed in Microsoft Security Bulletin MS01-020. On susceptible systems that have not had the MS01-020 security patch installed, this may cause the e-mail attachment to open automatically when the e-mail is read or previewed.

Win32/Chir.B@mm infects .EXE and .SCR files on local and remote drives. It also drops a copy of itself named readme.eml into folders containing .HTM and .HTML files, then appends malicious JavaScript to the bottom of those .HTM and .HTML files so that they automatically run the infected readme.eml file when they are opened.
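A defender-side sweep for the web-content traces described above, as an added example that is not part of the original description: it walks a directory tree and reports folders where readme.eml sits beside .HTM/.HTML files, and which of those files carry a script naming readme.eml after their closing tag. The script pattern and the sample tree are constructed assumptions; the description does not give the worm's actual appended JavaScript.

```python
import os
import re
import tempfile
from pathlib import Path

DROP_NAME = "readme.eml"  # dropped file name, from the description
HTML_EXT = (".htm", ".html")
# Assumption: the appended code is a <script> element that names the dropped file.
SCRIPT_REF = re.compile(rb"<script\b[^>]*>.*?readme\.eml.*?</script>", re.I | re.S)
CLOSE_HTML = re.compile(rb"</html\s*>", re.I)

def appended_script(data):
    """True if a script naming readme.eml follows the last </html> tag."""
    closes = list(CLOSE_HTML.finditer(data))
    # No closing tag at all: fall back to inspecting the last 2 KiB.
    tail = data[closes[-1].end():] if closes else data[-2048:]
    return SCRIPT_REF.search(tail) is not None

def scan(root):
    """Report folders with HTML files that hold readme.eml or a modified page."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        html = sorted(f for f in files if f.lower().endswith(HTML_EXT))
        modified = [n for n in html
                    if appended_script(Path(folder, n).read_bytes())]
        dropped = any(f.lower() == DROP_NAME for f in files)
        if html and (dropped or modified):
            findings.append({"folder": os.path.relpath(folder, root),
                             "readme_eml": dropped, "modified_html": modified})
    return sorted(findings, key=lambda f: f["folder"])

def demo():
    """Scan a constructed sample tree (placeholder content, not real malware)."""
    clean = b"<html><body>ok</body></html>\n"
    tail = b'<script>/* constructed placeholder */ var f = "readme.eml";</script>\n'
    layout = {
        "site/index.html": clean + tail,    # page with an appended script
        "site/about.htm": clean,            # untouched page
        "site/readme.eml": b"placeholder",  # stands in for the dropped copy
        "docs/help.html": b'<html><a href="readme.eml">x</a></html>',  # benign link
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

A hit is a lead for review, not a verdict: restore flagged pages from known-good copies and scan the host with current antivirus definitions, since the same description covers infected .EXE and .SCR files.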

