A new mass-mailer worm in the wild poses as a flaw fix from Microsoft.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Bugbros-A arrives attached to an e-mail that purports to be from email@example.com. The message says the attached worm is a fix for a new back-door called BugGear-A.
The worm doesn't contain a destructive payload. It can infect machines running Windows 95, 98, ME, NT, 2000 and XP, according to an advisory from antivirus software vendor Trend Micro Inc.
Astute readers probably wouldn't be fooled by the worm's social engineering because the message contains numerous misspellings. Also, it's widely known that Microsoft never sends out fixes via e-mail.
The worm has the following characteristics:
Subject: LiveUpdate Informations
I have send you the needed informations for the new worm-backdoor discovered. The Backdoor is called W32.Bug.Gear.A. You can run the attachment to avoide getting hacked by closing the backdoor.
If the file is run, the worm drops a copy of itself into the C:windowssystem32 folder. It also makes tweaks to the Windows registry so the worm runs every time the system starts. Bugbros then uses Microsoft Outlook to send copies of itself to people listed in the Outlook address book.
Bugbros is not the first worm to spoof the firstname.lastname@example.org e-mail address. The Palyh worm last May also appeared to come from that address.