The worm shows up in your inbox with a (possibly) zipped file attachment, usually message.zip, and a return address of "admin@somedomain" (where somedomain = a valid domain, possibly yours). Unzipping the file creates message.htm. Clicking on the web file fires up your Internet Explorer browser and runs the JavaScript-based worm hidden in the file.
The worm then gathers e-mail addresses from the local machine, generates new infected messages and sends them to the collected addresses via a list of known open relays. Congratulations, you've just spammed your friends, family, and coworkers with infected messages.
Precautions to take:
- Make sure your browser is up-to-date (the vulnerability this worm exploits has been around since January)
- Don't open unsolicited mail from people you don't know, especially those with attachments.
- Install an anti-virus product and keep it up-to-date.
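
For mail administrators, the delivery pattern described above (an HTML file carrying script, attached directly or inside a zip) can be flagged at the gateway. The following is an added example, not code from the original post; the function names, the size limit and the sample message are assumptions constructed for illustration.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

SCRIPT_RE = re.compile(rb"<\s*script\b", re.IGNORECASE)
HTML_EXT = (".htm", ".html")
MAX_BYTES = 1_000_000  # assumed cap on bytes inspected per file

def find_scripted_html(raw_message: bytes):
    """Return (attachment, member) pairs for HTML files containing a <script> tag.
    member is None when the HTML file is attached directly rather than zipped."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(HTML_EXT):
            if SCRIPT_RE.search(data[:MAX_BYTES]):
                hits.append((name, None))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.filename.lower().endswith(HTML_EXT):
                        continue
                    if info.flag_bits & 0x1:  # encrypted member, cannot inspect
                        continue
                    with zf.open(info) as fh:
                        if SCRIPT_RE.search(fh.read(MAX_BYTES)):
                            hits.append((name, info.filename))
    return hits

def build_sample(filename: str, body: bytes, zipped: bool = True) -> bytes:
    """Construct a harmless test message (sample data, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "admin@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    if zipped:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(filename, body)
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="message.zip")
    else:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A hit is a reason to quarantine the message for review, not proof of infection, since legitimate HTML attachments can also contain script.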