Mass Mailing Worm Caution About Worms
A new worm is spreading through the Internet by adopting an unethical approach of warning and cautioning of potential threat. Sounding like a security warning, the e-mail contains a legal word of caution that increases possibility of potential victims opening and even downloading the attachment. The mail uses kind words to entice the reader to open the attachment and when the recipient does so, the Warezov.at worm infects the system.
As per security analysts at MicroWorld Technologies, the 'Warezov.at' worm or 'Stration' mails en-masse a large number and variety of messages with a range of attachments. It uses its own SMTP account, gathers e-mail addresses from the infected machine and sends itself to all the contacts listed. If that is not enough, the worm logs on to malicious websites to download more malware on the compromised PC.
The subject line of the mail selects randomly: "Mail Delivery System", "Hello", "Status", "Server Report" and many others. The message body contains a sober security alert and advises users to download a patch for Worm protection.
There are other types of messages, like: "Mail Transaction has failed. Only partial message is available"; "the message contains Unicode characters and has sent as a binary file" and "the message has been sent on a binary attachment as it can't be represented in 7-bit ASCII encoding". ". Each of them tries to convince the user that it has come from the Mail Administrator. The attachment reads, as "Update-KB8706-x86.Zip" to make the user believe that it's a security patch.
Organizations are advised to plug their entry points to prevent the occurrence of a chain reaction in the internal mailing system that can bring a break to day-to-day operations. And they must install updates for worm removal.
Related article: Mac OS X Devoid of Malware, Vexing Experts
» SPAMfighter News - 11-10-2006