Aliases
W32/Bizex.worm, Worm.Win32.Bizex
Type
Win32 worm
Description
W32/Bizex-A is a worm which propagates over ICQ.
The worm appears as an ICQ message prompting the user to visit a website hosted on www.jokeworld.com. The web page downloads a file to the user's computer as startup.wav and runs the file.
Startup.wav contains a script which creates the file WinUpdate.exe in the startup folder. When Windows is next started WinUpdate.exe attempts to download a file named updater.exe to the Windows temp folder as aptgetupd.exe. Aptgetupd.exe is the main component of W32/Bizex-A. The worm copies itself to the sysmon subfolder of the Windows system folder as a file named sysmon.exe and adds the following registry entry to ensure that the worm is run each time Windows starts up:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysmon
Read more: http://www.sophos.com/virusinfo/analyses/w32bizexa.html
Virus Information
Discovery Date: 02/24/2004
Origin: Unknown
Length: Varies
Type: Virus
SubType: Internet Worm
This worm spreads by sending a hyperlink to contacts via the ICQ messaging program.
This worm consists of multiple components. The propagation mechanism starts with the user clicking on a link received via a ICQ message. Users should block access to the following domain:
w w w. (remove this) jokeworld. b i z
Read more: http://vil.nai.com/vil/content/v_101044.htm

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic