Welcome to the Virus Encyclopedia of Panda Security.
It spreads and affects other computers.
It does not spread automatically using its own means.
|Detection updated on:||Nov. 13, 2002|
W32/Shoho is a worm that spreads via e-mail byexploiting the IFRAME vulnerability that allows running attached files automatically.
The worm copies itself to the Windows and Windows\Systemdirectories under the name WINL0G0N.EXE. Note that the 0 character corresponds to number 0 and not the letter O, as it might look at first sight.
In addition, the worm creates another file called EMAIL.TXT. This is aMIME file that takes advantage of the IFRAMEvulnerability.