VIRUS ADVISORY: W32/[email protected] – Medium Risk
Current VirusScan users with DAT 4405 are protected from
this threat. Learn more about W32/[email protected] here:
–> What is it?
W32/[email protected] is a Medium Risk mass-mailing worm that
exploits a “buffer overflow vulnerability” in Microsoft
Internet Explorer to spread from computer to computer using
stolen email addresses. Web links (e.g., “see my homepage”)
in the spam messages point to infected systems, which then
download the virus onto new victims’ machines. Unlike earlier
Mydoom variants, W32/[email protected] forwards no attachments.
Up-to-date McAfee VirusScan users with DAT 4405 are protected
from this threat. Note: McAfee also recommends regularly
updating your Windows operating system with the latest
security patches from Microsoft.
–> What should I look for?
SUBJECT: Varies. Examples: hi!, hey!, Confirmation
BODY: Varies. Examples:
– Congratulations! PayPal has successfully charged $175 to
your credit card. To see details please click this link.
– Hi! I am looking for new friends. I am from Miami, FL. You
can see my homepage with my last webcam photos!
–> How do I know if I’ve been infected?
When run, the virus creates a file in the WINDOWS SYSTEM
(%WinDir%\system32) directory with a random filename that
ends in 32.exe.
–> How do I find out more?