Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Choke Worm is malware that uses MSN Messenger Service (MSNMS) to replicate. The worm does not have a malicious payload and does nothing more than replicate. The size of choke worm is 40960 bytes. If a user does not have MSNMS installed, the Choke Worm will simply remain resident in the computer’s memory.
The Choke Worm was the second worm that replicated through MSN Messenger. The first such worm was called the Hello Worm.
The Choke Worm emerged in 2001. The worm spreads under the file names ShootPresidentBUSH.exe, Hotmail.exe, Choke.exe, or the name of the sender with an .exe extension. In order to trigger its operations, the choke worm needs the existence of the MSVBVM60.DLL library.
When executed, the worm copies itself to the C: drive's root directory as choke.exe. The worm makes sure that it is activated after a reboot. Also, when executed, the worm becomes resident in the computer’s memory and displays pop-up error messages to the computer user. When the user clicks “OK” on one of these messages, the worm gains access to the user’s MSNMS account. Choke Worm then sends messages to the user’s contacts, and repeatedly prompts them to download the ShootPresidentBush.exe file.