Virus name: W32.Frethem.K@mm Threat level: Category 3 Common virus name; Win32 worm Discovered: July 12 Date: 15 July 2002 Variants: a variant of W32.Frethem.B@mm Reference urls: Symantec; http://securityresponse.symantec.com/avcenter/venc/data/w32.frethem .k@xxxxxxx Sophos; http://www.sophos.com/virusinfo/analyses/w32frethemfam.html Trend; http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WOR M_FRETHEM.K Information borrowed from; SYMANTEC SECURITY ALERT Technical information: W32.Frethem.K@mm sends itself to email addresses it finds in the Microsoft Windows Address Book, as well as any email addresses found in files ending with the following extensions: ..dbx, .wab, .mbx, .eml, and .mdb The email includes the following: Subject: Re: Your password! Attachments: Decrypt-password.exe and Password.txt Message: ATTENTION! You can access very important information by this password DO NOT SAVE password to disk use your mind now press cancel After sleeping for several hours, the worm also copies itself to C:\Windows\All Users\Start Menu\Programs\Startup\Setup.exe so it is executed each time Windows is started. ~~~~ Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> See my Anti-Virus pages ~ http://virusinfo.hackfix.org <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> ~*~*~*~*~ To unsubscribe from our list send an email to hackfix-virusnews-request@xxxxxxxxxxxxx?Subject=unsubscribe. For a complete list of email commands for our list send an email to ecartis@xxxxxxxxxxxxx with a subject line of "info hackfix-virusnews" without the quotes. ~*~*~*~*~