Panda Software Reports the Appearance of Freedesktop, a New Email Worm
Added : ( May 2005 )
The worm attempts to dupe users into believing they have received a link to a web address from which they can download desktop themes
Panda Software, leading antivirus software developer, has reported the appearance of Freedesktop (W32/Win64.A), a mass-mailing worm designed to propagate rapidly.
Freedesktop uses a 'social engineering' technique to try and trick users into running the file that contains it by claiming they have received a web address from which they can download desktop themes. The name of the file that contains Freedesktop is that of a false Internet address.
The message used by the worm to spread has the subject field:
Subject: Re: Do your Windows looks like Windows XP? I have found very nice desktop themes!,
and the text:
Hello!
Do you like modern design of new Windows XP?! I have found FREE and easy to use desktop themes!
You can open attach with web site and samples! Enjoy it!!!
The name of the attached file that contains the malicious code is www.freedesktopthemes.com (although the file extension could also be any of the following: .m, .exe, .bat or .cmd.).
Once the attached file is run, Freedesktop sends itself out to every entry it finds in the Windows and any mail program's address books. Moreover, it looks for the default mail server in order to connect to it directly and send itself massively.
At regular intervals, Freedesktop attempts to connect to 19 URLS belonging to different communications companies in order to provoke a DoS (Denial of Service) attack on their servers.
Finally, the worm creates a file called status.ini in the affected computer. In computers whose operating system is in English, Freedesktop also generates a file named setup.exe in the Windows startup directory. In this way, the worm ensures it is run on every system startup.
Although this worm does not appear to be particularly dangerous, Panda Software still advises users to be on their guard and treat all e-mails received with caution.
In any event, Panda Software has posted the necessary updates to its antiviruses on the company's website at http://www.pandasoftware.co.uk and has published detailed information on this virus in the Panda Software Virus Encyclopedia at: http://service.pandasoftware.co.uk/library/virusCard.jsp?Virus=W32/Win64.A.
About Panda Software's virus laboratory
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
Contact:
Julie Crosby
jcrosby@pandasoftware.co.uk
+44 (0)870 444 5640
Panda Software Reports the Appearance of Freedesktop, a New Email Worm
Submitted by:
Julie Crosby
Add your
press release for free.
Find
out more.
