Send a mail that sounds like a security warning or
an authoritative word of caution, and you have a better
chance of potential victims opening it and downloading
the attachment. Or that's what the author of the new
worm 'Worm.Warezov.at', thinks!
According to Security analysts at MicroWorld Technologies,
Warezov.at or Stration, is a mass mailing worm spreading
in large numbers using a variety of messages and a
range of attachments. It comes with its own SMTP engine,
harvests email addresses from the infected machine
and starts sending itself out to all contacts found.
The worm then logs on to malicious websites to bring
in more malware into the compromised computer.
The subject of the mail is chosen from a list comprising
of entries like Mail Delivery System, hello, Status,
Server Report and more. The body of one of these messages
pretends to be a sober security alert and tells users
to download an update for Worm protection, as given
below:
Mail server report.
Our firewall determined the e-mails containing
worm copies are being sent from your computer.
Nowadays it happens from many computers, because
this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses
infect the computer unnoticeably.
After the penetrating into the computer the virus
harvests all the e-mail addresses and sends the copies
of itself to these e-mail
addresses
Please install updates for worm elimination and your
computer restoring.
The attachment of the mail appears as 'Update-KB8706-x86.Zip',
to add conviction to its claim of being a security
patch.
"This worm creator has tried some innovations
in terms of working with emails that look like system
generated messages or that are sent by the support
department of the recipient's email service,"
says Sulabh Mahant, Security Analyst, MicroWorld Technologies.
"Often times when you get mails of this breed,
there's a natural curiosity to know what's inside
and the element suspicion for an unknown sender might
just take a backseat, as you move on to download it."
Some of the other message bodies found are: 'Mail
Transaction failed. Partial message is available',
'The message contains Unicode characters and has sent
as a binary file' and 'The message cannot be represented
in 7-bit ASCII encoding and has been sent as a binary
attachment'. Each of them tries to make users believe
that it comes from the Mail Administration side.
"Apart from the destruction and compromise of
system data, mass mailing worms can be quite hazardous
by way of chocking mail traffic, eating on bandwidth
and clogging mail boxes. As far as of Enterprises
are concerned, all entry points should be plugged
and guarded against such worms as they can induce
a chain reaction in the internal mailing systems and
ultimately bring to halt the day to day business operations,"
points out Sunil Kripalani, Vice President, Global
Sales and Marketing, MicroWorld Technologies.
MicroWorld
MicroWorld (www.mwti.net
) is the developer of the world's first Real-Time
Anti-Virus and Content Security software eScan
for desktops and servers. Its communication security
software,
MailScan is the first comprehensive e-mail
scanner for your SMTP/POP3 Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology
underlying these products, powering them to several
certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin,
Checkmark, TUCOWS, Red Hat Ready, and Novell Ready.
Combining their powerful scanner with MWL technology,
MicroWorld solutions provide a Real-Time Proactive
security for your systems. For network security of
enterprises, eConceal Firewall is the latest powerful
offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net.
