New mass-mailing worm is out there.
Learn more about it here.
A friend of mine sent me a "Decrypt-password.exe" and a text file called "Password.txt" today and I wondered why he did so. Then some other friends of my friend and me sent me this "Decrypt-password.exe", too. Forwarded from my friend's account. My antivir didn't cry but I preferred to search the web and so I found out.
I got the warning on this worm this morning from several security and anti-virus services. McAfee has already released a new virus definition file to cover this new worm.
Update your protection everyone and warn your users and friends who are not as computer literate!
I heard about this a few days ago. This is actually a variant of W32/FrethemB@MM. I actually heard of another variant ...FrethemK... today. Symantec has released new updates which find both of these, plus all other known variants. If you use Norton and there are no new LiveUpdate definitions, just download the Intelligent Updater version here:
Several of the users on my network have been receiving this worm. Actually, the worm never made it through but was caught by our AV software. This worm isn't dangerous, just another one of those things you get tired of seeing after a while.
Hmmm...interesting, the SNORT filters I have had been detecting it as a KLEZ worm...don't see any reference to it in the article. Might have to check up on this, must have some common packet fields in it or maybe it is a variant...
There seems to be a fix for the W32/Frethem and the other variants of the virus on the PANDA website, i.e. http://www.pandasoftware.com
I have run the "fix" and have yet to learn if the virus has been totally eliminated.
Another example of why Norton rules, it truly does rule. BTW, does anybody know any other names these worm mailings go by? Instead of decrypt.exe and password.txt? Just want to be safe. I'll probably have to check the Symantec site though. And one more question that I've been wondering about for a long time, what lang are viruses written in? I'm just curious here, because it seems to be one question I've never heard asked or answered.