Old Worm Spreads via Email
Symantec, a leading security firm, has advised that a bulk mailer worm is circulating very rapidly and has infected a large number of computers all over the world.
The worm has affected many high-profile companies like Coca Cola, Google, Disney/ABC and NASA.
It looks like a new kind of attack, but it is very similar to old-fashioned mass-mailing viruses such as Anna Kournikova, Melissa and Nimda.
This particular worm attack has also been reported by other security firms - McAfee and Trend Micro.
The worm uses emails with the subject line "Here you have" and an attachment to distribute a .scr file that pretends to be a .PDF file. Sometimes the email content also includes the message "This is The Document I told you about, you can find it Here", followed by a harmful link, and the recipient is asked to check the content.
However, the link does not download any specific file but includes a Windows script, which straight away sends the malware and infects the full contact list of the user who clicked on the link. Once this starts, the malware spreads.
Moreover, the email asks the user to check the mail and answer as early as possible. Other variants of the worm contain headings like "Just For you" and "This is The Free Dowload [sic] Sex Movies, you can find it Here".
Marcus Sachs, Director of the SANS Institute, states in an advisory that the .scr file, when run, starts downloading many extra tools. Among them, one pretends to check in with a powerful controller, as reported by v3.co.uk on September 10, 2010.
Apart from the email, the worm tries to circulate via mapped drives, accessible remote machines and removable media with AutoRun enabled.
Users are advised to keep their virus definitions updated and to avoid clicking on any links and/or attachments in emails. Network administrators are also asked to regularly configure mail servers so that emails containing attachments with file extensions like .VBS, .BAT, .EXE, .PIF, and .SCR can be blocked or removed, as these are normally used to spread viruses.
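The attachment filtering recommended above can be sketched as a small mail-gateway check; this is an added example, not code from the article or from any of the vendors it cites. It flags the extensions listed in the advice and marks files that hide a blocked extension behind a document-style one, as the .scr posing as a .PDF does. The decoy list, the sample addresses and the file names are assumptions made for the illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the article's advice to mail administrators.
BLOCKED = {".vbs", ".bat", ".exe", ".pif", ".scr"}
# Document-style extensions a blocked file may hide behind (assumed list).
DECOYS = {".pdf", ".doc", ".txt", ".jpg"}


def check_attachments(raw_bytes):
    """Return (filename, reason) for every attachment that should be blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        # Windows ignores trailing dots and spaces, so drop them before comparing.
        clean = name.strip().rstrip(". ").lower()
        pieces = clean.rsplit(".", 2)
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext not in BLOCKED:
            continue
        # A second, harmless-looking extension means the name is a disguise.
        inner = "." + pieces[-2] if len(pieces) == 3 else ""
        reason = "disguised as " + inner if inner in DECOYS else "blocked extension"
        findings.append((name, reason))
    return findings


def build_sample():
    """Constructed sample message; addresses, file names and bytes are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Here you have"
    msg.set_content("This is The Document I told you about")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="document.pdf.scr")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="report.pdf")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="setup.EXE")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in check_attachments(build_sample()):
        print(f"BLOCK {name!r}: {reason}")
```

The check looks only at attachment names, so it complements rather than replaces the updated virus definitions the article also recommends.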
» SPAMfighter News - 20-09-2010