A new mass-mailer worm in the wild poses as a flaw fix from Microsoft.
Bugbros-A arrives attached to an e-mail that purports to be from email@example.com. The message says the attached worm is a fix for a new back-door called BugGear-A.
The worm doesn't contain a destructive payload. It can infect machines running Windows 95, 98, ME, NT, 2000 and XP, according to an advisory from antivirus software vendor Trend Micro Inc.
Astute readers probably wouldn't be fooled by the worm's social engineering because the message contains numerous misspellings. Also, it's widely known that Microsoft never sends out fixes via e-mail.
The worm has the following characteristics:
Subject: LiveUpdate Informations
I have send you the needed informations for the new worm-backdoor discovered. The Backdoor is called W32.Bug.Gear.A. You can run the attachment to avoide getting hacked by closing the backdoor.
If the file is run, the worm drops a copy of itself into the C:windowssystem32 folder. It also makes tweaks to the Windows registry so the worm runs every time the system starts. Bugbros then uses Microsoft Outlook to send copies of itself to people listed in the Outlook address book.
Bugbros is not the first worm to spoof the firstname.lastname@example.org e-mail address. The Palyh worm last May also appeared to come from that address.