17 Jul 2002
W32/Frethem-Fam worms spreading in the wild
Sophos has received an increasing number of reports of W32/Frethem-Fam and
its variants during the past few days.
Many of the first reports came from Japan, although later
submissions to Sophos's support team have originated from a variety
of countries.
The worms arrive in an email with the subject line 'Re: Your
password!' and two attachments, one called 'decrypt-password.exe'
and the other 'password.txt'. The worm is contained in the attached
EXE file, which attempts to exploit a Microsoft Outlook bug in
order to run automatically when the email is read.
Sophos has been able to protect against W32/Frethem-Fam since 12
June, and has been able to detect all variants of the worm to date
since 15 July.
Sophos also advises organisations to implement safe computing practices, such as blocking
executable files and emails with specific subject lines, to prevent
the spread of this and many other email-aware worms.
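The gateway rule advised above can be sketched as follows. This is an added example, not Sophos code: it flags a message by the subject line and executable attachment described in this advisory. The function names, the extension list beyond .exe, and the check for the "MZ" header of a renamed Windows executable are assumptions made for illustration, and the sample messages are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_SUBJECTS = {"re: your password!"}  # subject line given in the advisory
# Assumed list for illustration; the advisory itself names only the EXE file.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")

def gateway_verdict(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    # Collapse whitespace and case so trivial variations still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in BLOCKED_SUBJECTS:
        reasons.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue  # only named attachments are inspected
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so strip them first.
        if name.rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS):
            reasons.append("extension:" + name)
        elif payload[:2] == b"MZ":
            # Executable content hidden behind a harmless-looking name.
            reasons.append("mz-header:" + name)
    return reasons

def build_sample(subject: str, attachments: list) -> bytes:
    """Build a constructed test message with the given attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed body")
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample("Re: Your password!",
                          [("decrypt-password.exe", b"MZ constructed"),
                           ("password.txt", b"constructed text")])
    print(gateway_verdict(sample))
```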
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.