Energy | |
---|---|
Type | Email Worm |
Creator | Benny |
Date Discovered | 2000.11.14 |
Place of Origin | Czech Republic |
Source Language | Assembly |
Platform | MS Windows |
File Type(s) | .exe, .rar |
Infection Length | 10,752 bytes |
Energy is a worm that infects Windows NT-based systems. It was coded by Benny and appeared in Issue 5 of 29A magazine. Energy infects RAR files being sent in emails and injects itself into the system's running processes.
Behavior
Energy arrives as Setup.exe in a RAR file attached to an email. When executed, Energy creates the file Energy.exe in the Windows system directory. It loads itself as a service named "EnErGy". Energy periodically lists the system's running processes and runs its code from them, infecting as many running processes as possible.
Energy hooks the MAPISendMail function in processes that import MAPI32.dll. The worm adds itself as Setup.exe to any RAR archive attached to an outgoing email.
The worm has no destructive routines and does little more than spread itself. It will only run on Windows NT-based systems. It has some similarities to Benny's Hiv virus.
Origin
Energy was completed on the 14th of November in 2000 in the Czech republic. It's creator, Benny submitted it in 29A magazine, where it appeared in the 5th issue. He says he came up with the name after some meditation and psychadelic experiences.
Sources
Benny. 29A Magazine, Issue 5, I-Worm.Energy. 2000.11.14
Peter Ferrie. Symantec, WNT.Energy.worm. 2007.02.13
Panda Security. Virus Encyclopedia, Energy.A.