Also known as W32/Tanx, the worm spreads via email and arrives with the subject line 'ID' alongside random characters, according to Sophos reports. The message text usually states, 'Yours ID.'
Attached to the message is a randomly titled .exe file. If recipients try to open the attachment, they unknowingly enable the ability for hackers to gain remote access. In addition to this, the worm also harvests email addresses from infected PCs. The problem arises from the virus' spoofing of the sender's address to fool recipients into opening the email.
BitDefender experts have found infections of the worm in
Meanwhile, F-Secure reports that while the worm is infecting machines quickly, it is programmed to stop on Feb. 25.