Worm Spreads With Random Subject Lines
Mail inboxes can have e-mails coming with a picture attached and having subject lines like "FIFA", "Bush" or "Incredible". Micro World security experts have warned recipients to be wary of such e-mails because they can spread the worm called "Womble.d" on PCs when the reader opens the e-mail attachment.
The worm "Womble.d" is created in Visual C++. It uses the "Ultimate Packer for Executables" (UPX) tool and spreads through mass mailing. It collects e-mail ids from the victim's address book and distributes its copies to those ids. The worm is able to flourish because of a loophole in 'Microsoft Windows Operating System' known as "SetAbortProc Code Execution". When a user opens the link in the attachment that leads to a malicious website, the worm infects the computer. The infection takes form of an error in 'Windows Metafiles'. Microsoft has provided a patch for this flaw, which can be downloaded from its website.
According to Arti Taru, a security analyst at Micro World Technologies, one may not suspect the image file as an attachment if it comes from a close friend. The worm is adept in Social Engineering as it can pick up various subject lines and capitalize on different tastes and interests of people. In the process, it is sure to strike at least some victims.
The worm spreading e-mails has some randomly chosen subject lines like Bush, Incredible, Lola, Re: Info, Alike, FIFA, Look at this, Miss Kan, and Paula. The e-mails also have random attachments named as some_info.wmf, new_picture.jpg, seduction_secrets.pif, and firefox_update.pif.zip.
Related article: Worm Infected Alaska Candidates' Website
» SPAMfighter News - 04-10-2006