Advertisement
Promo

Security threats Toolkit

Winevar worm on the loose

Graham Hayday Silicon.com

Published: 27 Nov 2002 17:21 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Antivirus vendors are warning email users to watch out for a fast-spreading and potentially destructive worm, known as WORM_WINEVAR.

According to Trend Micro several cases have already been reported in France and Spain. MessageLabs first spotted the worm on 22 November and has seen around 300 copies in the last 24 hours.

It runs on all Windows platforms and propagates itself using its own Simple Mail Transfer Protocol (SMPT) engine, and sends emails to addresses it gathers from HTML files on the infected system.

According to Sophos, infected emails are likely to have the following characteristics:

From: (defaults to "AntiVirus")
Subject: (defaults to "Trand Microsoft Inc.")
Message text: " - "
Attached files:
- WINXXXX.TXT (12.6 KB) MUSIC_1.HTM
- WINXXXX.GIF (120 BYTES) MUSIC_2.CEO
- WINXXXX.PIF

The worm sends email using a known exploit that causes the attachment to automatically execute when the message is viewed or previewed on Internet Explorer-based email clients, such as Microsoft Outlook and Outlook Express.

It is capable of terminating certain monitoring programs and antivirus products from memory.

If an infected machine is restarted, WINEVAR displays the message: "Make a fool of oneself: What a foolish thing you've done!"

If the 'OK' button is pressed the worm deletes all deletable files in all folders.

Raimund Genes, president of European operations, Trend Micro, said in a statement: "This illustrates that computer users should not be lulled into a false sense of security by the relative lack of virus activity over the last few months. This time the virus writers have hit back with a particularly destructive worm, against which users can protect themselves -- by deploying an up-to-date anti-virus software and by being vigilant."

Antivirus firms such as Symantec, Kaspersky and Sophos have posted further information and protection. See your antivirus vendor's Web site for more information.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
46 out of 95 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:







Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

3 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters