(Rant at end of post)
Another version of the many Social engineering Worms doing the rounds..
this Heads Up is more to remind the unwashed that many of our "helpful" internet friends may not be...
From the Symantec Website: Kwbot.s page
Currently Rated Cat 2: with a high Distribution rate.. Damage and Wild levels are Low..W32.Kwbot.S.Worm@mm is a mass-mailing variant of W32.Kwbot.Worm. The worm attempts to spread through the Kazaa file-sharing network and uses its own SMTP engine to email itself to contacts in the Windows address book.
The email message has the following characteristics:
Subject: (randomly chosen from the following list)
check this out
please give me feedback on this
long time no see
pictures of the kids
W32.Kwbot.S.Worm@mm is packed with UPX v1.20.
Also check current version of Mimail.L
.. typical of these type.. recieved a copy today.. from a German friend.. the headers listed the mail server as Singapore.... except.. his mail server is not in singapore.. his daughter's is.. guess who the infected party is..
Oh and guess who else is infected.. ..
Currently I check the Headers and routing information on emails with attachments that pass the AV scann.. Any one know of an automated approach ,, to check that the from ADD and Mail server match a known list.. Currently using "Pop3 Scan Mailbox" to view the header info before downloading.. this is my semi auto spam filter.. and how I check/compare Addy with mail server..
Cheers (Still Smelly) Undies