Know Your Malware: Shima Removal

Shima is an Internet worm that spreads by e-mail in messages with attached archives containing infected files and through file sharing networks using popular peer-to-peer applications including Kazaa, eMule, Shareaza, iMesh, Morpheus and BearShare. Once executed, Shima secretly installs itself to the system and runs a spreading routine. The parasite searches files of certain types for e-mail addresses, harvests them and sends out malicious letters. Then the worm creates infected files with meaningful names and copies them into shared folders of installed peer-to-peer clients.

The worm carries no destructive payload. However, it poses a serious threat to Internet security, as it attempts to allow some programs to bypass Windows Firewall and even tries to disable it. Furthermore, it sends out random documents from the compromised computer and therefore may disclose user sensitive information.

Shima properties:
Sends out logs by FTP or email
Hides from the user
Stays resident in background Remove Shima, removal instructions

Linked by shanmuga Wednesday, 9th November 2005 10:24PM