Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||I-Worm.Runouce.b,, Win32/ChiHack, PE_CHIR.B|
|Effects:||It overwrites files with certain extensions and exploits two vulnerabilities in Internet Explorer.|
|First detected on:||Aug. 1, 2002|
|Detection updated on:||June 17, 2010|
|Yes, using TruPrevent Technologies|
It is easy to get infected with this worm, as it activates automatically when the message is opened or just viewed through Outlook's Preview Pane.
In order to do so, it exploits two vulnerabilities: Exploit/iFrame and Exploit/MIME. These vulnerabilities allow files attached to e-mail messages to be run automatically.
This is a dangerous worm, as it infects files with the following extensions: EXE, SCR, HTM and HTML. Besides, Chir.B has destructive effects, as on the first day of each month it overwrites the first 4,660 bytes of files with the following extensions: ADC, R.DB, DOC and XLS.