Win32.Warezov.at harvests addresses from infected machines
Experts warn of 'severe risk' email worm
/v3-uk/news/1962387/experts-warn-severe-risk-email-worm
26 Sep 2006, Robert Jaques , V3
IT security experts have issued a 'severe risk' threat warning after detecting a virulent new worm spreading in the wild.
Kaspersky Lab warned that Win32.Warezov.at uses its own SMTP engine to send itself to email addresses harvested from the Windows address books on infected machines.
The subject line, message body and attachment name vary, but mail system messages like 'Mail Server Report', 'Mail Delivery System' and 'test' are typical.
The worm runs when the user clicks on the attached file, a portable executable of around 117KB, packed using UPack. The worm copies itself to disk and modifies the registry to ensure that it loads automatically on start up.
David Emm, senior technology consultant at Kaspersky Lab, said: "It has been some time since we've seen an email worm outbreak. But email worms still have all the ingredients necessary to spread successfully, not least through social engineering.
"Users should be wary of emails received from unknown sources, and make sure that their antivirus protection is up to date."
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
This is why I use McAfee
McAfee has a default rule built into their AV product which won't allow user/admin defined mail engines to operate.
I'm protected with no update and nothing to configure.
Risk? What risk? Only to those who are using inferior products.
Posted by Chipper, 28 Sep 2006