Worm Attack! Your mailbox is under threat
In our practice, we often encounter cases where messages with a malicious attachment are mass-mailed to many addresses at the same time. Recently, though, we saw a series of messages persistently sent to the same email address. Apparently, the attacker’s main goal was to infect that computer – all emails, no matter what their headers were, contained Email-Worm.Win32.NetSky.q. This worm’s characteristic feature is that it spreads via email attachments. After infecting a computer, the worm finds all the email addresses in it and copies itself to them, using specific short phrases and avoiding any email addresses that may be directly associated with IT security providers, such as antivirus companies.
The first message we detected purportedly came from the PayPal payment system. The text in the body of the letter said that there was a bill for the user in the attachment.