W32/Misodene.a@MM

Type: Virus
SubType: E-mail worm
Discovery Date: 04/26/2004
Length: 200,702 Bytes
Minimum DAT: 4354 (04/28/2004)
Updated DAT: 4354 (04/28/2004)
Minimum Engine: 5.1.00
Description Added: 04/27/2004
Description Modified: 04/28/2004 9:48 AM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

The following characteristics are associated with this detection:

  • harvests email addresses from the victim machine
  • contains its own SMTP engine to construct outgoing messages
  • email arrives as an attachment

Mail Propagation

Messages are constructed using the virus' own SMTP engine. They bear the following characteristics:

From: spoofed (using harvested email addresses)
Subject: Qui sabe el Pentagono sobre usted  (What the Pentagon knows about you)

Body:

?Crees que estas a salvo del Pentagono de los E.U?
Mira estos datos y te asombraras.

Do you believe you are  safe from the  Pentagon of the E.U?
Just look  these data and you will be surprised

Password: 123

Attachment: (XLS extensions with several spaces to hide the EXE extension)
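
The attachment naming described above (a document extension, a run of spaces, then the real EXE extension) can be checked at a mail gateway. The following is an added example, not part of the original description or of any vendor tooling; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed lists for this example; extend them for a real mail gateway.
DECOY_EXTS = {"xls", "ppt", "doc", "pdf", "txt", "jpg"}
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}

# Decoy extension, a run of whitespace, then one or more further extensions.
PADDED = re.compile(
    r"\.(?P<decoy>[A-Za-z0-9]{2,4})(?P<pad>\s+)(?P<tail>(?:\.[A-Za-z0-9]{2,4})+)\s*$"
)

def padded_double_extension(filename):
    """Return (decoy_ext, real_ext, pad_length) when whitespace padding hides
    an executable extension behind a document extension, else None."""
    m = PADDED.search(filename)
    if not m:
        return None
    decoy = m.group("decoy").lower()
    real = m.group("tail").rsplit(".", 1)[-1].lower()  # final extension decides how Windows opens it
    if decoy in DECOY_EXTS and real in EXECUTABLE_EXTS:
        return decoy, real, len(m.group("pad"))
    return None

def scan_message(raw):
    """Return [(filename, finding), ...] for each flagged attachment in a raw message."""
    hits = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        finding = padded_double_extension(name) if name else None
        if finding:
            hits.append((name, finding))
    return hits

# Constructed sample message (not a captured one); boundary and body are made up.
SAMPLE = (
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nconstructed body\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="PentagonSecret.xls      .exe"\n\n'
    "placeholder\n--b1--\n"
)

if __name__ == "__main__":
    for name, (decoy, real, pad) in scan_message(SAMPLE):
        print(f"{name!r}: looks like .{decoy}, runs as .{real} ({pad} padding spaces)")
```

The same function can be run over file names on disk, since the dropped copies listed under System Changes use the same padding pattern.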

System Changes:

When executed, the following message box appears:

The following files are dropped:

 En Cuba no hay libertad de expresión - Empty file
 Michael Jackson.ppt(several spaces).exe.exe - Copy of original file
 sub.sub - Subject line of email
 att1.att1 - File attachment name
 msg.msg - Email message body
 Casper9247.exe - Dropped file
 Mina4652.exe - Copy of original file
 red.mda - Empty file
 Red7324.exe - Copy of original file
 PentagonSecret.xls(several spaces).exe - Copy of original file
 SMTP.ocx - Third party SMTP utility

Symptoms

Presence of the dialogue box shown above

Method of Infection

This worm spreads by email, constructing messages using its own SMTP engine.

Removal

Detection is included in our BETA DAT files and will also be included in the next scheduled DAT release. In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • W32/Bertad.a@MM
