When activated it prevents files with an EXE extension from being run and displays warnings and an error message when the infected computer is started up.

Windows XP/2000/NT/ME/98/95

Navidad is an astute worm that is difficult to detect because it reaches computers in a reply to a previously sent e-mail message (which is infected). This message includes a file called NAVIDAD.EXE, which infects the computer when it is run.

Navidad is dangerous as it prevents many programs from being run. In other words, files with an EXE extension. It also displays warnings and an error message when the computer is started up.

It spreads very quickly by sending itself as a reply to all the e-mail messages in the Inbox of the mail program.

The first symptom of Navidad is an e-mail message with the following characteristics:

• A reply to a message that a user has sent to another user (which is infected).
• The subject is the same as the original message that was sent. The only difference is that it includes the reply tag (RE:).
• The message is the same as that in the original e-mail message sent to the infected user.
• The message includes an attachment called NAVIDAD.EXE.

  When the NAVIDAD.EXE file is run, Navidad activates and displays a long list of icons and messages. These appear depending on how the infected user replies to each one.

For more information on the windows displayed when Navidad activates, click here.