Classification

Category: Malware

Type: Worm

Aliases: Fleming, Br2002, Rodok, Henpeck

Summary


A new Messenger worm Fleming has been found on October 9th, 2002. The worm spreads using the following message:

"Hey!! Could you please check out this program for me ? : )

I made it myself and want people to test it.

Its a readme with the program that explains what it does! 
[link to the infected web page]
-- There you can download it!

give me advices on what to upgrade please!!

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Once executed from the file BR2002.exe on the web page, the worm automatically updates itself and saves on C: drive as:

C:\update35784.exe

Fleming worm also saves another file CS-Keygen.exe as:

C:\hehe2397824.exe

contacted the ISP responsible for the web site and the page containing the worm has been closed immediately. This makes the worm unable to spread and update itself further.