Fandom

Malware Wiki

Collo

1,346pages on
this wiki
Add New Page
Comments0 Share

Worm.Win32.Collo or Collo (Also known as Email-Worm) is an email worm thought to be from Germany. Aside from some its behavior and its alleged place of origin (though even this is largely speculation, only because its email can come in English and German) little information is available about it.

Payload

Collo arrives in an email, which may be in English or German. The English email has a subject line of "Check out this cool program!" and the attachment is "Cool Program.exe". The message is:

I'm writing you this e-mail because I just found out
about a very cool program that you need to see. Go check
it out yourself, you will love it.
  
Bye bye, your old Friend Energy

The German version is almost completely identical to the English (almost word-for-word). The subject is "Wow dieses Coole Programm!", the attachment is "Wow dieses Coole Programm"

Ich schreib Dir diese e-mail, weil ich dieses Ober
Coole Programm gefunden habe. Schau es Dir am besten
selbst mal an, Du wirst es Lieben.
  
Tschau, Dein alter Kumpel Energy

It executes the following programs:

  • Progman.exe
  • Regedit.exe
  • Cdplayer.exe
  • Sndrec32.exe
  • Pbrush.exe
  • Write.exe
  • Scandskw.exe
  • Calc.exe
  • Explorer.exe
  • Notepad.exe

Sources

Gor Nazaryan.

ThreatExpert, Worm.Win32.Collo.a. 2007.02.13

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.