An e-mail announcing a new Trojan horse scanner is itself an Internet worm that could flood e-mail servers with useless mail.
With more people all the time connected to the Internet, the danger of Trojan horses, malicious programs that communicate passwords and other private information to others on the Internet, is very real. Antset is a worm that arrives by e-mail and claims to be a Trojan horse scanner. It is not. At least three variations of Antset (W32.Anset.A@mm, W32.Anset.B@mm, and W32.Anset.C@mm) are floating around the Internet. Antset is capable only of sending multiple e-mail messages and does not damage PCs, so this worm ranks a 4 on the ZDNet Virus Meter.
How it works
Antset arrives as an e-mail solicitation for a Trojan horse scanner.
The subject line reads "ANTS Version 3.0." The body text for the
original worm is in German, and reads: "Hi, Anhängend die neue
Version 3.0 von ANTS, dem bislang einzigartigen kostenlosen
Trojanerscanner. Zum installieren einfach die angefügte Datei
ausführen." The English translation reads: "Hi, attached you will
find the brand new version 3.0 of ANTS, the unique freeware Trojan
scanner. To install ANTS, simply run the attached setup file." The
body text concludes with the following salutation "Adieu, Andreas
webmaster@avnetwork.de http://www.ants-online.de." The named Web
site is legitimate but contains a disclaimer regarding this worm.
Antset also contains an attachment named ants3set.exe.
If a user clicks the attached file, Antset searches the Microsoft Outlook address book for addresses to which to send copies of itself, then looks for more e-mail addresses within the following file types: PHP, HTM, SHTM, CGI, and PL.
Worms like Antset usually contain a Registry key that prevents the worm from installing itself more than once. Antset does not have this feature and could produce multiple Registry entries and numerous extra files in the Windows subdirectory. Antset also has a few programming bugs that affect its ability to spread and may not function on all Windows computers.
Removal
Most antivirus software companies have updated their signature files
to include this worm. For more information on removing Antset from
your system, see Kaspersky,McAfee, Sophos, Symantec, and
Trend Micro.