Several security firms have identified a new worm that poses as a critical software patch from Microsoft or an antivirus update from Symantec Corp.
The worm, which for the moment goes by multiple name, including W32.Gruel@mm and W32/Fakerr@mm, modifies a slew of system settings in Microsoft Windows machines and attempts to delete a host of crucial system files.
Like most worms, Gruel/Fakerr propagates via email by lifting addresses from the Microsoft Outlook address book. However, it can also spread through the Kazaa file-sharing network. If the attached executable files are run, the worm modifies the Windows Registry, and tries to erase important system files, including all the .dll, .com, and .exe files in Windows' System32 folder.
While infection rates are currently very low and users armed with updated anti-virus software are protected, Gruel/Fakerr may get some traction because of its disguise. Two of the three variants of the worm masquerade as emails from Microsoft, and carry the subject heading "Microsoft Windows Critical Update".
Coincidentally or not, Microsoft announced three security flaws, including one it rates as critical, on Wednesday, just hours before the new worm was discovered. Users who have noticed mentions in the media of the Microsoft vulnerabilities might take it upon themselves to launch the attached file.
Gruel/Fakerr isn't the first worm to propagate via both email and peer-to-peer networks such as Kazaa. In mid-May, the Fizzer worm also attempted to spread by copying itself to Kazaa shared folders.
News source: iTnews - Worm masquerades as Microsoft patch
-1 Comments - Add comment