Robot

Information about the 'Robot' computer virus.

Virus:   'Robot'

Status:   Real virus.

Example:   [Collected via e-mail, July 2007]

Subject: Worm Alert!

Dear Customer,

Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files and stop email sending, otherwise your account will be blocked.

Customer Support Center

Origins:   There is
perhaps no virus lure more perfidious than one that proclaims to offer users protection from viruses while secretly infecting their PCs. That's the camouflage used by the 'Robot' virus which began hitting inboxes in July 2007 — it looks like a helpful message from a system administrator informing the recipient that his PC is likely infected with a worm (detected by a robot's spotting "abnormal activity from your IP adress" [sic]) and offering a patch the user can install to fix the problem. However, the patch itself is a trojan which installs itself in the Windows system folder as the file windev-72b5-203e.sys.

The payload is a variation of malware that has been given variety of different names by different security vendors, including the following:
  • Trojan.Packed.13 (Symantec)
  • W32/Nuwar@MM (McAfee)
  • Worm:Win32/Nuwar.JT (Microsoft)
  • Mal/Dorf-A (Sophos)
Last updated:   11 July 2007

 

David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.


loading

Snopes