I’ve found a little more out about this new Email Worm that’s spreading like wildfire, thought i’d share it along.
It is extremely clever and hides itself quite well. The subject line sent to recipients seems to be taken from a random subject line that you have used previously to send to that recipient or failing that, just any old one that you have used. The attached file is a random one from your hard drive and the worm embeds itself in that file.
The attachment has a double extension, eg. .doc.pif or .doc.com or .zip.exe for example. Remember that double extensions don’t mean anything – there is only one, and it’s the last one. PIF files are just as runnable as COM or EXE or many of the others like VBS.
It emails contacts from your contact list, nothing new there.
It has its own SMTP client built into it – so you will not see any of the outbound messages in your mailbox making it that much harder to spot that you’re spamming the crud out of people at about 206k a time.
That’s all for now 🙂