Additional Details
Upon execution, Acanze.A will create a hidden, system file named 'login.bat' into %WINDOWS% directory. It will then set a registry key:
• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr = "C:\WINNT\login.bat"
The key allows Windows to start the bat file each time a user logs on.
Under Italian versions of Windows, additional files will be dropped, and the attributes to both file set to hidden, system.
• %WINDOWS%\SYSTEM\HOTPLUG.dll
• C:\Programmi\Windows NT\netapi.dll
The worm will then check whether a connection to an Italian site can be established. If so, it will create e-mail messages containing copy of its body and send them to recipients in Outlook's Contact list.
Detection
Detection for this malware was published on March 8th, 2005 in the following F-Secure Anti-Virus updates:
[FSAV_Database_Version]
Version=2005-03-08_03