
Worm's creative attachment cons users

Shawna McAlearney, News Editor

The Mydoom-A worm skyrocketed across the Internet Tuesday, but it left many security managers scratching their heads about how an e-mail-attached executable could con so many users into opening it.


Even normally vigilant users could be induced into clicking on the seemingly innocuous social-engineered "text" file.

At its height Tuesday, Central Command reported more than 400,000 infected systems and said the worm accounted for one in nine e-mails.

"The name of the file looks like a text file, because it says 'txt' and is followed by 60 spaces and then one of a number of executables," said Brian Dunphy, senior manager of analysis operations for Symantec Managed Security Services. "The file name is simply too long to appear fully."

Also called Novarg and Mimail-R, the randomized e-mail and P2P worm spoofs addresses and includes subject lines that suggest a previous message had errors. Clicking the e-mail attachment can release an unwelcome payload.
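A mail gateway can check for the file-name trick Dunphy describes by looking at the last extension of each attachment name and at any whitespace run hiding it. The sketch below is an added example, not code from the article or from any vendor it quotes; the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumption: the article does not name the extensions; these are common
# Windows executable types that mail gateways typically block.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}

def classify(filename):
    """Return a finding for a risky attachment name, or None if it looks benign."""
    stem, dot, ext = filename.strip().rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXTS:
        return None
    if stem != stem.rstrip():
        # Whitespace before the real extension pushes it out of the visible name.
        return "padded-executable"
    if "." in stem:
        return "double-extension"
    return "executable"

def scan_message(raw):
    """Return [(filename, finding)] for each flagged attachment in a raw message."""
    hits = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        finding = classify(name) if name else None
        if finding:
            hits.append((name, finding))
    return hits

# Constructed sample: a decoy "txt" name, 60 spaces, then the real extension.
SAMPLE_NAME = "document.txt" + " " * 60 + ".scr"
SAMPLE_RAW = (
    "From: sender@example.invalid\n"
    "Subject: constructed test message\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="BOUND"\n'
    "\n"
    "--BOUND\n"
    "Content-Type: text/plain\n"
    "\n"
    "See attachment.\n"
    "--BOUND\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="' + SAMPLE_NAME + '"\n'
    "\n"
    "placeholder bytes\n"
    "--BOUND\n"
    "Content-Type: text/plain\n"
    'Content-Disposition: attachment; filename="notes.txt"\n'
    "\n"
    "plain notes\n"
    "--BOUND--\n"
)
```

Calling `scan_message(SAMPLE_RAW)` flags only the padded attachment and leaves `notes.txt` alone.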

"The worm is very aggressive; it can install an e-mail proxy server that could be used to further infection or be used by spammers, or it can install a remote backdoor Trojan that will allow unauthorized access," said Steven Sundermeier, VP of products and services at Central Command.

Was your organization infected or impacted in some other way? Please send us your stories at SWPcomments@infosecuritymag.com. We will honor requests for anonymity.

