Lunalight is a sophisticated Internet worm that spreads by e-mail through messages with archived attachments containing infected executables. Once the user opens such an attachment and runs the file in it, the parasite secretly installs itself to the system and runs a spreading routine. It uses an integrated mail engine to send malicious letters to e-mail addresses it gathers from local files. It may also attempt to propagate through floppy disks and via file sharing networks if any peer-to-peer applications are installed to the infected system. Then Lunalight runs a payload. It creates multiple copies of itself, disables the Task Manager and the Registry Editor, modifies some system settings and deletes files and registry keys related to certain parasites as well as some legitimate programs. Some essential system components might also be deleted. Lunalight can prevent some software and system tools from running. It may also log user keystrokes and perform Denial of Service (DoS) attacks. Furthermore, the parasite is able to update itself via the Internet.
