(((((((((((((((((((( McAfee Dispatch )))))))))))))))))))))))
[This message is brought to you as a subscriber to the
McAfee Dispatch. To unsubscribe, please follow the
instructions at the bottom of this email.]
VIRUS ADVISORY: W32/[email protected] – Medium Risk
Current VirusScan users with DAT 4399 are protected from
this threat. Learn more about W32/[email protected] here:
–> What is it?
The latest variant of the original W32/Netsky.MM virus,
W32/[email protected] is a Medium Risk mass-mailing worm that
arrives inside an email with a subject line, body content
and attachment file name in Portuguese.
Like its predecessors, W32/[email protected] steals email
addresses from an infected machine, then forwards itself to
those contacts, often faking the “from: field”.
–> What should I look for?
FROM: Varies (forged addresses taken from infected system).
SUBJECT: Varies. Examples: 0123456789, Abra rapido isso!!!!,
acrdito que em voce!!!
BODY: Varies. Examples: PizzaVeneza!, preenche ai ta bom,
ATTACHMENT. Varies. Examples: agradou, agua!, AIDS!
–> How do I know if I’ve been infected?
When run, the worm displays a message box with the warning
“File corrupted replace this!”. The worm copies itself to
folders with the string “share” or sharing”, network shares
and P2P shared folders, using file names like
aninha gatinha!.zip.scr, barrio.scr and cafe!!.zip.scr.
–> How do I find out more?