Collo
Collo
Type Mass mailer worm
Creator
Date Discovered 2002.02.04
Place of Origin Germany
Source Language
Platform MS Windows
File Type(s) .exe
Infection Length
Reported Costs
Collo is an email worm thought to be from Germany. Aside from some its behavior and its alleged place of origin (though even this is largely speculation, only because its email can come in English and German) little information is available about it.
Collo.png

Behavior

Collo arrives in an email, which may be in English or German. The English email has a subject line of "Check out this cool program!" and the attachment is "Cool Program.exe". The message is:

I'm writing you this e-mail because I just found out
  about a very cool program that you need to see. Go check
  it out yourself, you will love it.

  Bye bye, your old Friend Energy

The German version is almost completely identical to the English (almost word-for-word). The subject is "Wow dieses Coole Programm!", the attachment is "Wow dieses Coole Programm"

Ich schreib Dir diese e-mail, weil ich dieses Ober
  Coole Programm gefunden habe. Schau es Dir am besten
  selbst mal an, Du wirst es Lieben.

  Tschau, Dein alter Kumpel Energy

It executes the following programs:
  • Progman.exe
  • Regedit.exe
  • Cdplayer.exe
  • Sndrec32.exe
  • Pbrush.exe
  • Write.exe
  • Scandskw.exe
  • Calc.exe
  • Explorer.exe
  • Notepad.exe

Sources

Gor Nazaryan. Symantec, W32.Collo. 2007.02.17

ThreatExpert, Worm.Win32.Collo.a. 2007.02.13

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License