Aliases
I-Worm.Wenru
Type
Win32 worm
Description
W32/Wenru-A is a worm that spreads via email.
To run automatically when Windows starts up, W32/Wenru-A copies itself to the files svchoct.exe, svshost.exe and UpLoad.exe in the Windows system folder and creates the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SOFTWARE
The worm collects email addresses from the system and sends itself out. The sender address of the email is forged as Corporation@microsoft.com. The subject line of the email reads "Update For your system." and the attachment has the name UpLoad.scr.
On specific dates the worm attempts to launch a denial-of-service attack against a remote web site.
http://www.sophos.com/virusinfo/analyses/w32wenrua.html
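The indicators in the description can be checked mechanically on a host inventory and at a mail gateway. The following is an added example, not part of the original analysis: the function names and the sample message are constructed for illustration, and the Run check assumes that SOFTWARE in the registry entry above is the value name.

```python
import email
from email import policy

# Indicators taken from the description above (compared case-insensitively).
DROPPED_FILES = {"svchoct.exe", "svshost.exe", "upload.exe"}
RUN_VALUE_NAME = "software"  # assumption: value name under ...\CurrentVersion\Run
FORGED_SENDER = "corporation@microsoft.com"
SUBJECT = "update for your system."
ATTACHMENT = "upload.scr"

# Constructed sample message for demonstration; the attachment body is a dummy.
SAMPLE_MAIL = """\
From: Microsoft <Corporation@microsoft.com>
To: user@example.com
Subject: Update For your system.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="UpLoad.scr"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def host_hits(system_dir_files, run_value_names):
    """Match a system-folder file listing and Run-key value names against the indicators."""
    hits = [f"file:{f}" for f in system_dir_files if f.lower() in DROPPED_FILES]
    hits += [f"run:{n}" for n in run_value_names if n.lower() == RUN_VALUE_NAME]
    return hits

def mail_hits(raw_message):
    """Return which of the three mail indicators a raw RFC 5322 message matches."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = msg["From"]
    addrs = [a.addr_spec.lower() for a in sender.addresses] if sender else []
    # walk() visits every MIME part, so nested attachments are covered too.
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    checks = {
        "sender": FORGED_SENDER in addrs,
        "subject": (msg["Subject"] or "").strip().lower() == SUBJECT,
        "attachment": ATTACHMENT in names,
    }
    return [name for name, matched in checks.items() if matched]
```

The legitimate svchost.exe is deliberately not in the file set; only the two look-alike names and UpLoad.exe match.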
