Worm's creative attachment cons users

By Shawna McAlearney, News Editor 29 Jan 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

The Mydoom-A worm skyrocketed across the Internet Tuesday, but it left many security managers scratching their heads about how an e-mail-attached executable could con so many users into opening it.

Even normally vigilant users could be induced into clicking on the seemingly innocuous social-engineered "text" file.

At its height Tuesday, Central Command reported more than 400,000 infected systems and said the worm accounted for one in nine e-mails.

"The name of the file looks like a text file, because it says 'txt' and is followed by 60 spaces and then one of a number of executables," said Brian Dunphy, senior manager of analysis operations for Symantec Managed Security Services. "The file name is simply too long to appear fully."

Also called Novarg and Mimail-R, the randomized e-mail and P2P worm spoofs addresses and includes subject lines that suggest a previous message had errors. Clicking the e-mail attachment can release an unwelcome payload.

"The worm is very aggressive; it can install an e-mail proxy server that could be used to further infection or be used by spammers, or it can install a remote backdoor Trojan that will allow unauthorized access," said Steven Sundermeier, VP of products and services at Central Command.

Was your organization infected or impacted in some other way? Please send us your stories at mailto:SWPcomments@infosecuritymag.com. We will honor requests for anonymity.

Tags: Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary