A new mass-mailer worm in the wild poses as a flaw fix from Microsoft.
Bugbros-A arrives attached to an e-mail that purports to be from support@microsoft.com. The message says the attached worm
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
is a fix for a new back-door called BugGear-A.
The worm doesn't contain a destructive payload. It can infect machines running Windows 95, 98, ME, NT, 2000 and XP, according to an advisory from antivirus software vendor Trend Micro Inc.
Astute readers probably wouldn't be fooled by the worm's social engineering because the message contains numerous misspellings. Also, it's widely known that Microsoft never sends out fixes via e-mail.
The worm has the following characteristics:
Subject: LiveUpdate Informations
Message body:
Hi,
I have send you the needed informations for the new worm-backdoor discovered. The Backdoor is called W32.Bug.Gear.A. You can run the attachment to avoide getting hacked by closing the backdoor.
Bye
Attachment: varies
If the file is run, the worm drops a copy of itself into the C:windowssystem32 folder. It also makes tweaks to the Windows registry so the worm runs every time the system starts. Bugbros then uses Microsoft Outlook to send copies of itself to people listed in the Outlook address book.
Bugbros is not the first worm to spoof the support@microsoft.com e-mail address. The Palyh worm last May also appeared to come from that address.