FANDOM


Email-Worm.Win32.Apost or Apost is a Worm that spreads through email.

Payload

Apost is a virus-worm that spreads via the Internet as an attachment to infected e-mails. Also known as Readme. The worm itself is a Windows PE EXE file about 25Kb in length and written in Visual Basic Script. The infected messages contain the following:

Subject: As per your request!
Please find attached file for your review. 
I look forward to hear from you again very soon. Thank you.
Attachment: README.EXE

The worm activates from infected e-mail only in the case when a user clicks on the attached file. The worm then installs itself to the system, runs the spreading routine, and displays two fake messages: While installing, the worm copies itself to the Windows directory with the README.EXE name and registers that file in the system registry auto-run key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run macrosoft = README.EXE

To send infected messages, the worm uses MS Outlook and sends messages to all addresses found in the Outlook address book. The worm also copies itself to the root directory of all local fixed and remote (network) drives with the same README.EXE name.

Videos

Email-Worm.Win3201:43

Email-Worm.Win32.Apost

Email-Worm.Win32.Apost









Images













Sources

Securelist (Kaspersky Labs), Email-Worm.Win32.Apost.a

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.