New variant worm [email protected] is on the loose but don't be fooled by its tricky ways!
This question was answered on March 3, 2004. Much of the information contained herein may have changed since posting.
Do not get fooled by the latest e-mail worm's tricks! [email protected] is a new variant worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread itself in emails This very widely distributed e-mail worm is sending messages that look very much like an administrative message from your mail server The email message has the following characteristics: <strong>From:</strong> (It is spoofed to look like it is coming from one of the following addresses at the recipient's domain) - management - administration - staff - noreply - support <strong>Subject:</strong> (Usually one of the below items) - E-mail account disabling warning - E-mail account security warning - Email account utilization warning - Important notify about your e-mail account - Notify about using the e-mail account - Notify about your e-mail account utilization - Warning about your e-mail account <strong>Attachment:</strong> A randomly named .exe file, inside a .zip file, or a .pif file The zip file will be password-protected <strong>The most common versions look similar to this:</strong> (XXXXXXXX = a variable, generally the name of a real web site) Hello user of XXXXXXXX.com e-mail server, Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information Further details can be obtained from attached file For security reasons attached file is password protected The password is "47687" Have a good day, The XXXXXXXXXX.com team http://www.XXXXXXXXXXX.com <strong>DO NOT OPEN THE ATTACHED FILE...IT IS THE [email protected] WHICH WILL INSTALL A BACK DOOR PROGRAM ONTO YOUR COMPUTER AND START SENDING ITSELF TO EVERYONE IN YOUR ADDRESS BOOK!</strong>
About the author
Posted by Michal of Data Doctors on March 3, 2004