What is choke worm?
Choke Worm is malware that MSN Messenger Service (MSNMS) uses to replicate. The worm has no harmful payload and no longer replicates anything. The size of the worm is 40,960 bytes. If a user does not have MSNMS installed, the choke worm will simply reside in the computer's memory.
The Choke Worm was the second worm to be replicated through MSN Messenger. The first such worm was called the hello worm.
The Choke Worm originated in 2001. The worm spreads under the filenames ShootPresidentBUSH.exe, Hotmail.exe, Choke.exe or the name of the sender with the extension .exe. In order to trigger its operations, the choke worm requires the presence of the MSVBVM60.DLL library.
When it runs, the worm copies itself to the root directory of the C: drive as choke.exe. The worm ensures that it is activated after a restart. When executed, the worm will reside in computer memory and display pop-up error messages to the computer user. If the user clicks 'OK' on any of these messages, the worm will gain access to the user's MSNMS account. Choke Worm then sends messages to the user's contacts, repeatedly prompting them to download the ShootPresidentBush.exe file.