WORM_FEEBS.ABD arrives as an attachment to email messages mass-spammed by another malware or a malicious user. It may also be dropped by JS_FEEBS.ABD.

It propagates by sending a copy of itself as an attachment to email messages. In the From field, it uses a random name followed by Web email domains such as hotmail.com.

It sends its messages using its own Simple Mail Transfer Protocol (SMTP) engine. Having its own SMTP engine allows this worm to send messages without using any email application, such as MS Outlook.


It also propagates via peer-to-peer (P2P) networks. It searches for certain folders that are usually related to P2P shares. Once it finds them, it drops copies of itself there under enticing file names so that other P2P users download them.

It deletes the folder liveupdate if that folder is found on an affected system. As a result, certain applications may not function properly due to missing files.

Technical details can be found at this Trend Micro page.