A new Trojan is on the loose that purports to be photos of a nude woman. But the worm in fact steals system and other information from infected systems.
Sysbug-A travels as a .zip file attached to an e-mail from email@example.com. In order for a system to become infected, the recipient needs to extract the enclosed file, wendynaked.jpg.exe, and run it.
The Trojan steals sensitive information, including an SMTP account name, POP3 password, NNTP user name and SMTP e-mail address. Sysbug also notes the system's IP address, unique ID and connection speed. It then uploads that information to finance.red-host.com, according to Finnish antivirus software vendor F-Secure Corp.
Sysbug seems to be paying homage to Mimail-C, which traveled attached to a similar kind message. The e-mail carrying the Sysbug worm has the following characteristics:Subject line:
"Re: Mary" Message text:
"Hello my dear Mary,
"I have been thinking about you all night. I would like to apologize for the other night when we made beautiful love and did not use condoms. I know this was a mistake and I beg you to forgive me.
"I miss you more than anything, please call me Mary, I need you. Do you remember when we were having wild sex in my house? I remember it all like it was only yesterday. You said that the pictures would not come out good, but you were very wrong, they are great. I didn't want to show you the pictures at first, but now I think it's time for you to see them. Please look in the attachment and you will see what I mean.
"I love you with all my heart, James."
The threat posed by Sysbug is limited because it doesn't have a mechanism for spreading itself. Any copies of it in the wild must be manually sent.