Sue
December 19th, 2001, 7:21pm
http://www.zdnet.com/zdfeeds/msncobrand/news/0%2C13622%2C2833821%2C-hud00025nsab%2C00.html
The worm, operating under the guises of Zacker, Reeezak, Maldal and Keyluc, arrives with the subject header "Happy New Year" and contains a file attachment entitled "christmas.exe." It uses familiar social engineering tactics to entice recipients to double click on the attachment, before mailing itself and the victim's contact list to everyone in the contact's address book.
"Over the last week, we have seen thousands of executable files like this that have been sent as jokes or Christmas cards," said Shipp. "We have seen 4,000 copies of such viruses this week, and so from a social engineering point of view, it looks like this virus will continue."
The worm arrives with the body text:
"I can't describe my feelings But all i can say is Happy New Year :-) Bye."
Once the Christmas.exe application is opened, the worm will modify the user's Internet Explorer (IE) home page so that the browser now points to a malicious Web site. This site will then exploit a vulnerability in IE and run a Visual Basic Script on the infected computer that will attempt to delete significant portions of the Windows operating system.
Experts believe the worm spreads through shared network drives, and by taking advantage of Microsoft applications. Computer Associates has reported that the virus will email itself to everyone in an infected victim's Outlook address book.
According to reports, Symantec believes the worm also spreads via Microsoft's Instant Messaging software, and will try to delete antivirus software from an infected PC.
The worm, operating under the guises of Zacker, Reeezak, Maldal and Keyluc, arrives with the subject header "Happy New Year" and contains a file attachment entitled "christmas.exe." It uses familiar social engineering tactics to entice recipients to double click on the attachment, before mailing itself and the victim's contact list to everyone in the contact's address book.
"Over the last week, we have seen thousands of executable files like this that have been sent as jokes or Christmas cards," said Shipp. "We have seen 4,000 copies of such viruses this week, and so from a social engineering point of view, it looks like this virus will continue."
The worm arrives with the body text:
"I can't describe my feelings But all i can say is Happy New Year :-) Bye."
Once the Christmas.exe application is opened, the worm will modify the user's Internet Explorer (IE) home page so that the browser now points to a malicious Web site. This site will then exploit a vulnerability in IE and run a Visual Basic Script on the infected computer that will attempt to delete significant portions of the Windows operating system.
Experts believe the worm spreads through shared network drives, and by taking advantage of Microsoft applications. Computer Associates has reported that the virus will email itself to everyone in an infected victim's Outlook address book.
According to reports, Symantec believes the worm also spreads via Microsoft's Instant Messaging software, and will try to delete antivirus software from an infected PC.