E-mail this

  • Home

  • Search
  • Send Comments
  • What's New
  • Hottest 25
      Legends

  • Odd News
  • Glossary
  • FAQ

  • Autos
  • Business
  • Cokelore
  • College
  • Computers

  • Crime
  • Critter Country
  • Disney
  • Embarrassments
  • Food

  • Glurge Gallery
  • History
  • Holidays
  • Horrors
  • Humor

  • Inboxer Rebellion
  • Language
  • Legal
  • Lost Legends
  • Love

  • Luck
  • Media Matters
  • Medical
  • Military
  • Movies

  • Music
  • Old Wives' Tales
  • Photo Gallery
  • Politics
  • Pregnancy

  • Quotes
  • Racial Rumors
  • Radio & TV
  • Religion
  • Risqué Business

  • Science
  • September 11
  • Sports
  • Titanic
  • Toxin du jour

  • Travel
  • Weddings

  • Message Archive
 
Home --> Computers --> Virus Hoaxes & Realities --> Robot

Robot

Virus:   'Robot'

Status:   Real virus.

Example:   [Collected via e-mail, July 2007]

Subject: Worm Alert!

Dear Customer,

Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files and stop email sending, otherwise your account will be blocked.

Customer Support Center

Origins:   There is
perhaps no virus lure more perfidious than one that proclaims to offer users protection from viruses while secretly infecting their PCs. That's the camouflage used by the 'Robot' virus which began hitting inboxes in July 2007 — it looks like a helpful message from a system administrator informing the recipient that his PC is likely infected with a worm (detected by a robot's spotting "abnormal activity from your IP adress" [sic]) and offering a patch the user can install to fix the problem. However, the patch itself is a trojan which installs itself in the Windows system folder as the file windev-72b5-203e.sys.

The payload is a variation of malware that has been given variety of different names by different security vendors, including the following:
  • Trojan.Packed.13 (Symantec)
  • W32/Nuwar@MM (McAfee)
  • Worm:Win32/Nuwar.JT (Microsoft)
  • Mal/Dorf-A (Sophos)
Last updated:   11 July 2007

Urban Legends Reference Pages © 1995-2014 by Barbara and David P. Mikkelson.
This material may not be reproduced without permission.
snopes and the snopes.com logo are registered service marks of snopes.com.