The folks at The SANS Internet Storm Center say they’re seeing indications of a new worm making the rounds Thursday. The ISC handlers have gotten a slew of emails with varying subject lines promising a patch for an unnamed new worm. The messages contain two attachments: a ZIP file that is password-protected, and an image that includes the password for the ZIP archive. Among the subject lines of the emails are:
“Worm Activity Detected!”
“Dream of You”
Not very original, but as we’ve seen in the past, it often doesn’t take much in the way of guile to entice users to open malicious emails. The name of the ZIP file looks to be in the form of “patch<random four-digit number>.zip” the ISC said. We’ll keep an eye on this one.
UPDATE: Senior News Writer Bill Brenner outlined the worm outbreak and sheds light on how spammers are using it to create zombie machines.