Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Zryks-A

Feb 11, 2004 1:40AM PST

Type
Win32 worm

Description
W32/Zryks-A is a Windows worm that spreads via email.
The worm sends itself to all entries in the Outlook address book and to email addresses harvested from HTML and CTT contact files found on the system. The email arrives with the following characteristics:
Subject line: Your Heart Is The Place Where I Belong
(possibly preceeded by Fw:, Fwd: or Re:.)
Message text: chosen from one of the following lines -
I'm just thinking of you, my precious.
Anyone can't understand how comfortable you can make me feel.
I've never felt this way about anyone before.
I feel like you know me better than anyone.

The message text also contains the line
=== Incoming mail is certified 100% Virus Free ===

The attachment has a random name. The file sent out as an attachment is also stored in the Windows folder and a registry entry below
HKLM\Software\Microsoft\Windows\CurrentVersion\Run is created, pointing to the file.

The worm may display a picture of a butterfly when run.

http://www.sophos.com/virusinfo/analyses/w32zryksa.html

Discussion is locked