January 25, 2006

Will 3Feb2006 Be a Black Friday?
A particularly nasty worm has been installed on over 1,100,000 PCs around the world. How do we know? Because the worm includes code that reports to a central location each time it gets installed.
Aside from doing the usual things (disabling antivirus software, installing its own SMTP server, harvesting email addresses, remailing itself to those harvested addresses, etc.), according to those who dissect this stuff, this one is a ticking time bomb: On the third of every month, it will overwrite data files in the infected PC. And I'm not talking just any ol' data file, but all files with filename extensions from programs like Word, Excel, Access, PowerPoint, Photoshop, Acrobat, and all zipped files (plus some others).
If your PC is already infected, your antivirus software may not help. In fact, your protection is likely disabled. Antivirus vendors such as Symantec and McAfee offer their customers tools to rid a PC of this garbage, and Microsoft offers instructions and a tool for identifying and removing the infection (not tested here, so use at your own risk, and always back up your data before messing with this stuff).
This worm propagates predominantly through an email attachment. The Subject: lines look like they could be from anyone (e.g., "A Great Video," "Fw: DSC-00465.jpg," "Fw: Funny :)," "Fw: SeX.mpg"), and because To: and From: addresses are harvested from the machine of someone who has a document somewhere with your address in it, you may even recognize the From: address (which is not necessarily that of the owner of the machine doing the actual sending). The body of the worm-laden message uses common social engineering tactics to encourage you to open the attachment (e.g., "Note: forwarded message attached. You Must View This Videoclip!").
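The traits described above can be turned into a mail-triage check. The Python below is an added example, not part of the original post: it holds a message only when it carries an attachment and matches one of the quoted Subject: lines or body phrases. The function names, sample addresses and attachment name are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Lures quoted in the post; the post gives them as examples, not a complete list.
SUBJECTS = {"a great video", "fw: dsc-00465.jpg", "fw: funny :)", "fw: sex.mpg"}
BODY_PHRASES = ("forwarded message attached", "you must view this videoclip")

def triage(raw: bytes) -> dict:
    """Check one raw message against the lures; hold it only if it also has an attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    attachments = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().lower() if part is not None else ""
    reasons = []
    if subject in SUBJECTS:
        reasons.append("subject matches a quoted lure")
    if any(phrase in body for phrase in BODY_PHRASES):
        reasons.append("body matches a quoted lure")
    # From: is deliberately ignored: the worm fills it with harvested
    # addresses, so a familiar sender says nothing about safety.
    return {"quarantine": bool(attachments and reasons),
            "reasons": reasons, "attachments": attachments}

def sample_message(subject, body, attachment=None) -> bytes:
    """Build a constructed test message (addresses and file name are made up)."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    lure = "Note: forwarded message attached. You Must View This Videoclip!"
    for raw in (sample_message("Fw: Funny :)", lure, "clip.bin"),
                sample_message("Fw: Funny :)", "no file on this one"),
                sample_message("Q4 budget", "Spreadsheet attached.", "budget.bin")):
        print(triage(raw))
```

A match on these strings alone is a weak signal, since the post lists them only as examples; the attachment requirement is what keeps ordinary forwarded mail out of quarantine.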
Open that attachment on a Windows machine without the absolute latest antivirus updates, and on February 3rd you'll be ready to make a self-portrait video of someone in tears over a lifetime's data lost.

Posted on January 25, 2006 at 08:41 AM