Email-Worm.Win32.Zar.a

CyberScrub AntiVirus
Research Bank

This worm spreads via the Internet as an atttachment to infected messages. It sends itself to all email addresses found on the victim computer.

The worm itself is a Windows PE EXE file. It is written in Visual Basic and is approximately 20KB in size.

Installation

Once launched, the worm causes the following window to be displayed:

When installing itself to the victim machine, the worm copies itself to the Windows root directory under the following names:

%WinDir%\crssr.exe
%WinDir%\raz32.exe
%WinDir%\tsunami.exe

It then registers itself in the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"CaptionMgr32" = "%systemroot%\crssr.exe"

This ensures that a copy of the worm will be launched each time the victim machine is rebooted.

Propagation via email

The worm scans the MS Outlook address book for email addresses to send itself to. The worm sends copies of itself using the mail client on the victim machine.

Infected messages Message subject:

Tsunami Donation! Please help!

Message body:

Please help us with your donation and view the attachment below!
We need you!

Attachment name

tsunami.exe

Payload

Zar.a attempts to conduct a DoS attack on www.hacksector.de

Check out if we have free removal tool for this virus

CyberScrub AntiVirus provides state of the art security protection for five years- at one low price. Our award winning technology ensures protection against viruses, worms and trojans backed by top customer support and value.

Five Year Cost Comparison
Product	Initial Cost	Yearly Subscription	X Four Years	Total
Norton 2004 AntiVirus	$49.95*	$29.95	$119.80	$169.75
McAfee VirusScan	$49.95*	$19.95	$79.80	$129.75
CyberScrub AntiVirus	$49.95	Included	No Additional Cost	$49.95
*All prices MSRP as published on respective sites.

It is only a matter of time before a virus, worm or Trojan horse wrecks havoc on your important data. Important files, records, family pictures- all at risk. Some dangerous programs can even ruin your hard drive beyond repair.

CyberScrub AntiVirus offers the most effective protection from all known and unknown viruses.

CyberScrub AntiVirus is powered by a unique integrated technology for virus detection, based on principles of multi-generation heuristic analysis. This allows the program to protect you from suspect “viral behavior”. This highly effective methodology repelled all attacks of each “I LOVEYOU’ viral variation without any additional antivirus database updates. No other technology, including Norton, Trend, or McAfee was able to accomplish this.

CyberScrub AntiVirus is powerful, yet its exceptional ease of use and installation make it acceptable for beginner to pro

CyberScrub Antivirus constantly scans your hard drive and files to identify, clean and destroy infected objects. With updates available every three hours, 24 hours a day, 365 days a year, you can count on CyberScrub to protect your valued data.

CyberScrub AntiVirus
Lifetime Edition

"For the Life of Your Computer"
Save $10 Now!
Limited Time

Email-Worm.Win32.Zar.a

Symantec Warns Of Flaw In Antivirus Program. More>>

CNN Legend Lynne Russell reports on CyberScrub AntiVirus for Tech Headline News.

delete,deletion, file deletion, Internet clean up,privacy, HIPAA, Internet privacy, cookies, erase, erasure, shredder, wipe, overwrite, purge, deletion, security, file wipe, data destruction