
Tasin worms ate my Windows files

by Robert Jaques

23 Nov 2004


Security experts have issued a warning over the newly intercepted A, B and C variants of the Tasin worm, which have begun to spread rapidly by email.

The malicious worms use social engineering tricks to distract users while they send themselves out from infected computers, and then delete a large number of system files.

Tasin.A was first detected a few days ago. It has not been the centre of any explosive propagation, but has gradually crept up the rankings of the viruses most frequently detected by IT security firm Panda Software.

The worm arrives in an email written in Spanish. Both the subject and the text are highly variable, selected from a random list of options including:

Subject:
re:xD no me lo puedo creer!! [I can't believe it!!]
re:Crees que puede ser verdad? [Do you think it could be true?]
re:Amor verdadero [True love]

Text:
No veas que cosas xD,luego me cuentas,chao [You want to see some things. We'll speak later. See you]
Crees en el amor de verdad?,miralo y ya hablamos,ciaooo [Do you believe in true love? Have a look and we'll speak]
Mira lo que te mando y ya verás que los detalles mas pequeños son los que importan,ciaoo [Have a look at what I'm sending you and you'll see that the small details are the most important]

Attachment:
D-Incógnito.zip
Love-Me.zip
El_rechazo.zip
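A mail-gateway check for the subject lines and attachment names listed above, as an added example that is not from the article or from Panda Software. The function names and the sample message are constructed for illustration, and because the worm draws from a longer random list, a miss does not clear a message.

```python
import email
import unicodedata
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article, stored in folded form (see fold()).
SUBJECTS = {
    "re:xd no me lo puedo creer!!",
    "re:crees que puede ser verdad?",
    "re:amor verdadero",
}
ATTACHMENTS = {"d-incognito.zip", "love-me.zip", "el_rechazo.zip"}


def fold(text):
    """Case-fold, strip accents and collapse whitespace so that
    'D-Incógnito.zip' and 'D-Incognito.ZIP' compare equal."""
    decomposed = unicodedata.normalize("NFKD", text or "")
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(no_marks.casefold().split())


def tasin_hits(raw_bytes):
    """Return (field, value) pairs that match the listed indicators."""
    # policy.default decodes RFC 2047 subjects and RFC 2231 filenames.
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if fold(msg["Subject"]) in SUBJECTS:
        hits.append(("subject", str(msg["Subject"])))
    for part in msg.walk():
        name = part.get_filename()
        if name and fold(name) in ATTACHMENTS:
            hits.append(("attachment", name))
    return hits


def build_sample(subject, filename):
    """Constructed message (not a Tasin sample); the 'zip' is harmless bytes."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(b"not a real archive", maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(tasin_hits(build_sample("RE:Amor verdadero", "D-Incógnito.zip")))
```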

If the attachment is run, Tasin.A creates several files on the compromised computer. Some of these contain copies of the worm itself, while others are used to carry out malicious actions.

At the same time, the worm displays windows with messages that give the impression that it is some kind of game. However, it is a trick to distract users' attention so they do not realise that the worm is sending itself out rapidly via email, the security firm warned.

"In any case, the greatest danger of Tasin.A is that it is programmed to delete a large number of files, with serious consequences for the computer," Panda Software stated.

"Tasin.A also connects to an internet address to download and run other malware on the infected system. It makes a Windows Registry entry to ensure it is run on every system start-up."

Tasin.B and Tasin.C, detected on Tuesday morning, are similar to the original in that they are sent out by email and delete many system files. There are, however, significant differences.

For example, when a user runs the file containing Tasin.B a message is displayed saying that the document is corrupt. Tasin.C downloads and displays an erotic image of a well-known Spanish person.

To prevent incidents involving Tasin, security experts advise users to take precautions and keep antivirus software up to date.

More information about Tasin.A, Tasin.B or Tasin.C is available in Panda Software's Virus Encyclopedia.
