A new Messenger worm Fleming has been found on October 9th, 2002. The worm spreads using the following message:
"Hey!! Could you please check out this program for me ? : ) I made it myself and want people to test it. Its a readme with the program that explains what it does! [link to the infected web page] -- There you can download it! give me advices on what to upgrade please!!
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Once executed from the file BR2002.exe on the web page, the worm automatically updates itself and saves on C: drive as:
Fleming worm also saves another file CS-Keygen.exe as:
contacted the ISP responsible for the web site and the page containing the worm has been closed immediately. This makes the worm unable to spread and update itself further.