Alert! New mass mailing e-mail worm [email protected] is loose!

Question

Mass-mailing worm ([email protected]) on the loose - 1-26-04!

Answer

This question was answered on January 27, 2004. Much of the information contained herein may have changed since posting.

[email protected] is a level 4 mass-mailing worm that has hit the net like a ton of bricks. It generally arrives as an e-mail attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. If you open an infected attachment, a backdoor program will be installed on the system that will allow a remote attacker to access and make use of the computer.

The email message has the following characteristics:

From: Usually a spoofed 'from' address, meaning that the address used is not the actual sender.

DO NOT BLAME THE SENDER, AS THEY ARE AN INNOCENT PARTY TO THE WORM!

Subject: (Generally one of the following)

test

hi

hello

Mail Delivery System

Mail Transaction Failed

Server Report

Status

Error

Message: (Generally, one of the following)

Mail transaction failed. Partial message is available.

The message contains Unicode characters and has been sent as a binary attachment

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Attachment: (Generally one of the following)

document

readme

doc

text

file

data

test

message

body

This worm also copies itself to Kazaa download folders as one of the following files in an attempt to spread via the popular file sharing network:

winamp5

icq2004-final

activation_crack

strip-girl-2.0bdcom_patches

rootkitXP

office_crack

nuke2004

with a file extension of:

.pif

.scr

.bat

.exe

This worm is designed to attack all current versions of Windows but does not affect DOS, Linux, Macintosh, OS/2, UNIX, or Windows 3.x-based systems.

Get complete instructions on protection and removal from Symantec at:

http://www.sarc.com/avcenter/venc/data/[email protected]mm.html

Note: The attachment may have two suffixes. If so, the first suffix will be one of the following:

.htm .txt .doc

The worm will always end with one of the following suffixes:

.pif .scr .exe .cmd .bat .zip


Author

Posted by Michal of Data Doctors on January 27, 2004
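
The subject, attachment-name and double-suffix characteristics listed in the answer above can be checked mechanically at a mail gateway or over a mailbox export. The following Python sketch is an added example, not part of the original answer: the indicator lists are copied from this page, while the function names and the sample message builder are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicator lists copied from the advisory text above.
SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
BASENAMES = {"document", "readme", "doc", "text", "file", "data",
             "test", "message", "body"}
DECOY_SUFFIXES = {".htm", ".txt", ".doc"}
FINAL_SUFFIXES = {".pif", ".scr", ".exe", ".cmd", ".bat", ".zip"}

def split_name(filename):
    """Split a filename into (base, decoy suffix or None, final suffix)."""
    name = filename.strip().lower()
    base, dot, last = name.rpartition(".")
    if not dot:
        return name, None, ""
    stem, dot2, mid = base.rpartition(".")
    if dot2 and "." + mid in DECOY_SUFFIXES:
        return stem, "." + mid, "." + last
    return base, None, "." + last

def score_message(raw_bytes):
    """Return the reasons a raw message matches the advisory's description."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        reasons.append("subject")
    for part in msg.iter_attachments():
        base, decoy, final = split_name(part.get_filename() or "")
        if final not in FINAL_SUFFIXES:
            continue
        # .zip is common in legitimate mail: a weak signal on its own.
        reasons.append("final-suffix:" + final)
        if decoy:
            reasons.append("double-suffix:" + decoy + final)
        if base in BASENAMES:
            reasons.append("basename:" + base)
    return reasons

def build_sample(subject, filename):
    """Constructed sample message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Constructed sample body.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A message that matches on subject, base name and a double suffix together is a much stronger signal than any single reason, since subjects such as "hi" and attachments ending in .zip are common in ordinary mail.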