The worm propagates through email via an attachment called “rechnung.zip.exe” and the subject line “KD Webshop Bestellung”, according to the blog.
Adam Biviano, premium services manager at Trend Micro A/NZ, stated that the worm enters a machine and hides itself, downloads a trojan, and logs passwords and other user activities.
“It’s not designed to target .gov, Microsoft or other well known files. It’s trying to hide itself from those that can source it. It’s still proving that the user is the weakest link,” said Biviano.
Biviano estimates a thousand Australian computers have been infected by the worm since it was first detected a few months ago.
Malicious worm reemerges
By Negar Salek on Feb 7, 2007 5:31PM