printer friendly version

More attachment trouble!

Here is another way that virus writers get people to open attachments!

Subject: "Coca Cola is proud to accounce our new Christmas Promotion." 

Sender: "[email protected]"

Attachment: promotion.zip

Entices users to download the Coca Cola Promotion attachment. Obviously some people fall for the trap otherwise the virus would never be downloaded and hence be spread by curious and unsuspecting users

Attachments are compressed files, containing the worm itself.

The worm will also spread by copying itself into any removable media connected to the system, creating an 'autorun.inf' file to execute the worm when the device is connected to another system.

Infected computers are subjected to:-

1. It will add itself to the firewall's authorised applications list and not warn you of any of it partners in crime coming onto your computer.

2. One of these partners in crime is another component detected as Backdoor.Bot.67413 that is loaded. This one has backdoor capability, and will also log everything you type (think about passwords, pin numbers, credit card details etc), and save in a file (drm.ocx). Then will send this file to a server.

3. This worm is also a mass-mailer using its own SMTP engine, like many others. It sends itself to the harvested e-mail addresses it has collected from infected computers.

So by opening attachments like this you not only endanger yourself, but also endanger all  the e-mail addresses that it collects from your computer.

This also explains how you receive this mail from an unknown source and how they could have received your e-mail address.

Share this article:

Further reading: