-=PCTechTalk=- W32.Frethem.K@mm worm
- From: Master NetLord <NetLord@xxxxxxx>
- To: PCTechTalk - Freelists <pctechtalk@xxxxxxxxxxxxx>,WinTips-Tricks <WinTips-Tricks@xxxxxxxxxxxxxxx>,WinXPHelp <WinXPHelp@xxxxxxxxxxxxxxx>
- Date: Mon, 15 Jul 2002 21:32:08 -0400
I've gotten two copies of this E-Mail tonight. Both we're stopped by Norton's
AV -- the attached files contained a virus called W32.Frethem.K@mm. This is
one I have not seen before so I thought I'd pass the information on. The text
of the E-Mail is shown below my signature. Here's what Norton's says about
this virus:
W32.Frethem.K@mm is a worm, and is a variant of W32.Frethem.B@mm. It uses its
own SMTP engine to send itself to email addresses that it finds in the
Microsoft Windows Address Book and in .dbx, .wab, .mbx, .eml, and .mdb files.
The email message arrives with the following characteristics:
Subject: Re: Your password!
Attachments: Decrypt-password.exe and Password.txt
Also Known As: I-Worm.Frethem.l [AVP], W32/Frethem.l@MM [McAfee],
WORM_FRETHEM.K [Trend], W32/Frethem-Fam [Sophos]
Type: Worm
Infection Length: 48,640 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP,
Windows Me
Systems Not Affected: Macintosh, Unix, Linux
CVE References: CVE-2001-0154
Regards from the
"Keyboard Cowboy",
Master NetLord
,,,,,
Ô¿Ô¬
Cincinnati, Ohio
Scottsdale, Arizona
«::::»¤«::::»¤¤«::::»¤«::::»
Monday
07/15/2002
9:20:18 PM
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ATTENTION!
You can access
very important
information by
this password
DO NOT SAVE
password to disk
use your mind
now press
cancel
(M. S. Tinarwo)
A T T A C H E D F I L E S I N L I N E D I S P L A Y
Attached text follows, filename: password.txt
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
Other related posts:
- » -=PCTechTalk=- W32.Frethem.K@mm worm
