F-Secure on Newly Found Winevar Worm

The Winevar e-mail worm was found in-the-wild in Korea in the end of November 2002. Apparently it was released on purpose during the AVAR 2002 Conference (Anti-Virus Researcher’s Asia) in Seoul, South Korea.

The worm’s file is a Windows PE executable about 91Kb long. The worm was written in Microsoft Visual C++. It should be noted, that Winevar resembles Bridex worm that appeared earlier. The Winevar worm has many bugs that can cause damage to infected systems and limit the worm’s spreading.

F-Secure advisory on this worm:
http://www.f-secure.com/v-descs/winevar.shtml