Hi Guys,

This one is a classic example of the use of social engineering..
And catch the size of this sucker..

Details from Symantec

Wild: Low
Damage: High
Distribution: High

This means this sucker when executed can fu><or your Windbloze 9x/xp box

W32.Gruel@mm is a worm that spreads by email and file-sharing networks. Its payload includes changing user passwords, hiding drive C, and making numerous changes to the system registry.

The email has the following characteristics:
Subject: Microsoft Windows Critical Update.
Attachment: Windows Critical Update 088562.exe

Type: Worm
Infection Length: 102,400 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, OS/2, UNIX, Linux
Catch the social engineering
Attempts to mail itself to all the addresses in the Microsoft Outlook Address book.
The email is formatted as follows:

Subject: Microsoft Windows Critical Update.

Message body:
Critical Update: The Microsoft Windows updates found on this patch include fixes to following Windows operating systems: Any update that is critical to the operation of your computer is considered a Critical Update, and is automatically selected for installation during the scan for available updates. This patch is provided to help resolve known issues, and to protect your computer from known security vulnerabilities and all kinds of viruses. Whether a patch applies to your operating system, software programs, or hardware, it is listed in the Critical Updates category, like this patch attached. For Support please contact us at [email protected].

Attachment: Windows Critical Update 088562.exe

Cheers
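
A mail-gateway style check for the indicators listed in this post (subject line, attachment name, 102,400-byte length), as an added example that is not part of the original post or Symantec's write-up. The function names, the extension list, the digit-wildcard on the attachment name and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators taken from the post above.
SUBJECT_RE = re.compile(r"microsoft windows critical update", re.I)
# Assumption: match any digit run, not only the 088562 seen in the post.
ATTACH_RE = re.compile(r"^windows critical update \d+\.exe$", re.I)
INFECTION_LENGTH = 102400  # "Infection Length: 102,400 bytes"
# Assumed list of directly executable Windows extensions.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat")


def check_message(raw):
    """Return the reasons a raw RFC 822 message matches the lure described above."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        reasons.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        name = name.strip()
        if ATTACH_RE.match(name):
            reasons.append("attachment-name")
        elif name.lower().endswith(EXECUTABLE_EXT):
            reasons.append("executable-attachment")
        payload = part.get_payload(decode=True) or b""
        if len(payload) == INFECTION_LENGTH:
            reasons.append("size")  # weak on its own, useful with the others
    return reasons


def build_sample(subject, filename, payload=b"constructed placeholder"):
    """Build a constructed test message; the payload is inert filler bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Critical Update: ...")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    lure = build_sample("Microsoft Windows Critical Update.",
                        "Windows Critical Update 088562.exe",
                        b"\x00" * INFECTION_LENGTH)
    print(check_message(lure))
```

An empty list means none of the indicators matched; a gateway would typically quarantine on `attachment-name` or on `subject` combined with any executable attachment.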