W32/Wowlook is a mass mailing worm. The worm will infect Windows systems and spreads through email.
The "Subject" of the infected mail will be;
That souds best for us. Chinese test missile obliterates satellite! Hi,I just get some imformation of the Blizzard Entertainment,pls kindly check in the attachment.
The "Body" of the infected mail will be;
China last month successfully used a missile to destroy an orbiting satellite, U.S. government officials told CNN on Thursday, in a test that could undermine relations with the West and pose a threat to satellites important to the U.S. military.
According to a spokesman for the National Security Council, the ground-based, medium-range ballistic missile knocked an old Chinese weather satellite from its orbit about 537 miles above Earth. The missile carried a "kill vehicle" and destroyed the satellite by ramming it.
The test took place on January 11. (Watch why the U.S. has protested the missile strike )
Aviation Week and Space Technology first reported the test: "Details emerging from space sources indicate that the Chinese Feng Yun 1C (FY-1C) polar orbit weather satellite launched in 1999 was attacked by an asat (anti-satellite) system launched from or near the Xichang Space Center."
A U.S. official, who would not agree to be identified, said the event was the first successful test of the missile after three failures...
The detail news is here: http://edition.cnn.com/2007/TECH/space/01/18/china.missile/index.html.
Watch the video to get more information! To watch the missile video, please install the CNN video plus version 9, click the attachment to install.
Copyright 2007 CNN. All rights reserved.
This material may not be published, broadcast, rewritten, or redistributed. Associated Press contributed to this report
The name of the infected "Attachment" will be;
SetupV9.zip
Upon execution, the worm creates SetupV9.exe and Srvpl0.dll files in the Windows System folder.
The worm modifies registry at the following location to load itself during each startup;
The worm hooks the application wow.exe which is associated with World of Warcraft. It steals account information associated with the program. It then logs the stolen information in the file KBOutLook.log created in Windows System folder.
The worm gathers all the email addresses from the Windows Address Book and Outlook Express. These emails addresses are also stored in the KBOutLook.log file.
The data gathered from the infected system is sent to http://www.game4enjoy.net/Data[Removed].
It also creates srv_(Thread ID of threat)_.log file in the Windows System folder to log errors.
Proland
Software is the developer of Protector Plus range of antivirus software
packages. Protector Plus 2007 is available for Windows Vista, Windows 95/98/Me, Windows
XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS
and NetWare servers.
Protector Plus range of antivirus products
offer on-line virus detection and removal. All the packages have the ability
to detect and isolate all types of viruses, trojans, worms and other types
of malware.
These products are updated on a continuous basis and the latest upgrades
for all the platforms are made available for downloading from this site.
About
Protector Plus Antivirus Software Packages:
That souds best for us.