10 月
15
2004

VIRUS ADVISORY – W32/[email protected]

(((((((((((((((((((( McAfee Dispatch )))))))))))))))))))))))

[This message is brought to you as a subscriber to the

McAfee Dispatch. To unsubscribe, please follow the

instructions at the bottom of this email.]

============================================================

VIRUS ADVISORY: W32/[email protected] – Medium Risk

————————————————————

Current VirusScan users with DAT 4399 are protected from

this threat. Learn more about W32/[email protected] here:

http://us.mcafee.com/root/campaign.asp?cid=12198

FreeScan checks for W32/[email protected]

Scan now:

http://us.mcafee.com/root/campaign.asp?cid=12199

============================================================

–> What is it?

The latest variant of the original W32/Netsky.MM virus,

W32/[email protected] is a Medium Risk mass-mailing worm that

arrives inside an email with a subject line, body content

and attachment file name in Portuguese.

Like its predecessors, W32/[email protected] steals email

addresses from an infected machine, then forwards itself to

those contacts, often faking the “from: field”.

–> What should I look for?

FROM: Varies (forged addresses taken from infected system).

SUBJECT: Varies. Examples: 0123456789, Abra rapido isso!!!!,

acrdito que em voce!!!

BODY: Varies. Examples: PizzaVeneza!, preenche ai ta bom,

encontro voce!

ATTACHMENT. Varies. Examples: agradou, agua!, AIDS!

–> How do I know if I’ve been infected?

When run, the worm displays a message box with the warning

“File corrupted replace this!”. The worm copies itself to

folders with the string “share” or sharing”, network shares

and P2P shared folders, using file names like

aninha gatinha!.zip.scr, barrio.scr and cafe!!.zip.scr.

–> How do I find out more?

View details about W32/[email protected] here.

http://us.mcafee.com/root/campaign.asp?cid=12198

Comments are closed.