Win32/Haltura [Threat Name]
Win32/Haltura.NAE [Threat Variant Name]
|Detection created|Jan 16, 2012|
|Signature database version|6799|
Win32/Haltura.NAE is a worm that spreads via e-mail and shared folders.
The worm may create copies of itself using the following filenames:
- C:\suck it.exe
Spreading via shared folders
The worm tries to copy itself into shared folders of machines on a local network.
The worm creates the following files:
- \\%networkshare%\C$\Setup.exe (Win32/Haltura.NAE)
Spreading via e-mail
Win32/Haltura.NAE is a worm that spreads via e-mail.
E-mail addresses for further spreading are searched for in local files with one of the following extensions:
The sender address is one of the following:
The subject of the message is one of the following:
- URGENT PLEASE READ!
- Urgent Info
The body of the message is one of the following:
- Open the attachment for an urgent Windows update
- Open the attachment for an urgent update
The attachment is an executable of the worm.
The name of the attached file is the following:
- Microsoft update.exe
The SMTP protocol is used.
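
A mail-gateway check for the message traits listed above, as an added example that is not part of the original description or of any vendor product. The function names, the indicator labels and the sample message are assumptions constructed for illustration; the `MZ` test is a generic check for a Windows executable attachment.

```python
from email import message_from_string

# Indicator strings taken from the description above, lower-cased for comparison.
SUBJECTS = {"urgent please read!", "urgent info"}
BODIES = ("open the attachment for an urgent windows update",
          "open the attachment for an urgent update")
ATTACHMENT = "microsoft update.exe"

def _norm(text):
    """Collapse whitespace and lower-case so folded headers still match."""
    return " ".join(text.split()).lower()

def haltura_indicators(raw):
    """Return the sorted names of the indicators found in one raw message."""
    msg = message_from_string(raw)
    hits = set()
    if _norm(str(msg.get("Subject", ""))) in SUBJECTS:
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename()
        if name:
            if _norm(name) == ATTACHMENT:
                hits.add("attachment_name")
            if payload[:2] == b"MZ":  # DOS/PE executable magic
                hits.add("pe_attachment")
        elif part.get_content_type() == "text/plain":
            if any(b in _norm(payload.decode("latin-1")) for b in BODIES):
                hits.add("body")
    return sorted(hits)

# Constructed sample message (not a captured one); payload is base64 of b"MZ\x90\x00".
SAMPLE = "\n".join([
    "Subject: URGENT PLEASE READ!",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "Open the attachment for an urgent update",
    "--b1",
    "Content-Type: application/octet-stream",
    "Content-Transfer-Encoding: base64",
    'Content-Disposition: attachment; filename="Microsoft update.exe"',
    "",
    "TVqQAA==",
    "--b1--",
])
```

A subject match alone is weak evidence, since ordinary mail uses the same wording; the executable attachment combined with any of the other indicators is the stronger signal.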