Results 1 to 7 of 7

Thread: W32/Frethem.l@MM

  1. #1

    W32/Frethem.l@MM

    New mass-mailing worm is out there.

    Learn more about here.

    A friend of mine send me a "Decrypt-password.exe" and a text file called "Password.txt"
    today and I wondered why he did so. Then some other friends of my friend and me send me this "Decrypt-password.exe", too. Forwarded from my friends account. My antivir didnt cry but I prefered to search the web and so I found out.
    monoton

  2. #2
    Junior Member
    Join Date
    Jul 2002
    Posts
    14
    I got the warning on this worm this morning from several security and anti-virus services. McAfee has already released a new virus definition file to cover this new worm.

    Update your protection everyone and warn your users and friends who are not as computer literate!

  3. #3
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    I heard about this a few days ago. This is actually a varient of W32/FrethemB@MM. I actually heard of another variant ...FrethemK... today. Symantec has released new updates which find both of these, plus all other known variants. If you use Norton and there are no new LiveUpdate definitions, just download the Intelligent Updater version here:

    http://securityresponse.symantec.com....download.html

    AJ

  4. #4
    Several of the users on my network have been receiving this worm. Actually, the worm never made it through but was caught by our AV software. This worm isn't dangerous, just another one of those things you get tired of seeing after a while.
    - Maverick

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Hmmm...interesting, the SNORT filters I have had been detecting it as a KLEZ worm...don't see any reference to it in the article. Might have to check up on this, must have some common packet fields in it or maybe it is a variant...

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #6
    Junior Member
    Join Date
    Oct 2001
    Posts
    4
    there seems to be a fix for the W32/Frethem and the other varients of the virus on the PANDA website ie. http://www.pandasoftware.com
    I have run the " fix " and have yet to learn if the virus has been totally elliminated.
    (-

  7. #7
    Junior Member
    Join Date
    Jul 2002
    Posts
    17
    Another example of why norton rules, it truly does rule. BTW Does anybody know any other names these worm mailings go by? Instead of decrypt.exe and password.txt? Just want to be safe. I'll probably have to check the symantec site though. And one more question that I've been wondering about for a long time, what lang are viruses written in? I'm just curious here, because it seems to be one question I've never heard asked or answered.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •