Fandom

Malware Wiki

Silly

1,328pages on
this wiki
Add New Page
Comments0 Share

Email-Worm.Win32.Silly or Silly is an email worm that spreads via the Internet as an attachment found inside infected messages. It sends itself to email addresses harvested from the victim computer. The worm itself is a PE EXE file 15462 bytes in size, written in Visual Basic.

BehaviorEdit

When installing, the worm copies itself to the Fonts folder in the Windows root directory under a random name (where XXX is a random name):

%Windir%\Fonts\XXX.com

The worm also registers itself in the system registry, ensuring that it will be launched each time Windows is rebooted on the victim machine (XXX is a random name):

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

"TempCom"="%Windir%\Fonts\XXX.com"

The worm modifies the following system registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState

"fullpath"="1"

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

"HideFileExt" = "1"

"Hidden" = "0"

Spreading RoutineEdit

The worm will harvest .contact files and other address books and send a copy of the worm to said addresses. They will be in this format

Message Subject: Document
Attachment: Document.exe
Body: <No content>

SourcesEdit

Securelist (Kaspersky Labs), Email-Worm.Win32.Silly.e

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.