Worm.Win32.Pinom.c, W32/Imbiat.worm, Win32/Pinom.C, W32.Cissi.A@mm
W32/Cissi-B is a worm which attempts to spread by emailing itself via SMTP and by copying itself to network shares with weak passwords. The worm allows unauthorised remote access to the computer via IRC channels.
The worm copies itself to the Windows system folder as *****.EXE and changes the [boot] field within SYSTEM.INI (or WIN.INI under MS Win NT/2000/XP) to run itself on system restart. Under Windows NT-based systems the worm may change the following entry in the registry to run the worm on system restart:
W32/Cissi-B may attempt to email itself to email addresses gleaned from files on the user's hard disk.
W32/Cissi-B attempts to copy itself to the Startup folder on remote shared computers as !IMPORTANT!.EXE or SETUP.EXE.
Pint-size luxury and funky style
Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.