HackfixNews: W32.Frethem.K@mm Worm

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: hackfixnews@xxxxxxxxxxxxx
  • Date: Mon, 15 Jul 2002 17:38:34 -0700



Virus name: W32.Frethem.K@mm

Common virus name: Win32 worm

Discovered: July 12 
Date: 15 July 2002

Variants: a variant of W32.Frethem.B@mm
Reference urls:
Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.frethem.k@xxxxxxx

Sophos:
http://www.sophos.com/virusinfo/analyses/w32frethemfam.html

Trend:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.K

Information borrowed from: SYMANTEC SECURITY ALERT

Technical information: 
   W32.Frethem.K@mm sends itself to email addresses
   it finds in the Microsoft Windows Address Book, as
   well as any email addresses found in files ending
   with the following extensions:

   .dbx, .wab, .mbx, .eml, and .mdb

The email includes the following:

Subject: Re: Your password!
Attachments: Decrypt-password.exe and Password.txt
Message:
ATTENTION!

You can access very important information by this
password

DO NOT SAVE password to disk use your mind

now press cancel


After sleeping for several hours, the worm also copies
itself to
C:\Windows\All Users\Start Menu\Programs\Startup\Setup.exe
so it is executed each time Windows is started.

~~~~

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
See my Anti-Virus pages ~ http://virusinfo.hackfix.org 
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
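
Added example (not part of the original post or of any vendor's tooling): a mail-filter check that scores a message against the subject and attachment names listed in the alert above. The function names, the scoring scheme and the sample messages are constructed for illustration; only the subject and the two attachment names come from the alert.

```python
from email import message_from_string
from email.message import EmailMessage, Message

# Indicators copied from the alert text; compared case-insensitively.
SUBJECT = "re: your password!"
ATTACHMENTS = {"decrypt-password.exe", "password.txt"}


def attachment_names(msg: Message) -> set:
    """Collect lower-cased filenames from every MIME part that declares one."""
    names = set()
    for part in msg.walk():
        name = part.get_filename()
        if name:
            names.add(name.strip().lower())
    return names


def frethem_score(raw: str) -> int:
    """Return 0-3: +1 for the subject, +1 per attachment name from the alert."""
    msg = message_from_string(raw)
    # Collapse folded or padded whitespace before comparing the subject.
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    score = 1 if subject == SUBJECT else 0
    return score + len(ATTACHMENTS & attachment_names(msg))


def should_quarantine(raw: str) -> bool:
    """Assumed policy: two or more matching indicators is enough to hold the mail."""
    return frethem_score(raw) >= 2


def build_sample(subject: str, files: list) -> str:
    """Build a constructed test message with harmless placeholder attachments."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed body")
    for f in files:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=f)
    return m.as_string()


if __name__ == "__main__":
    worm_like = build_sample("Re: Your password!",
                             ["Decrypt-password.exe", "Password.txt"])
    benign = build_sample("Quarterly report", ["report.pdf"])
    print(frethem_score(worm_like), should_quarantine(worm_like))
    print(frethem_score(benign), should_quarantine(benign))
```

The check covers only the mail indicators; the Startup-folder copy named in the alert needs a separate host-side check.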


