F-Secure reports that this Zhelatin variant started spreading a few hours ago, using email Subject: lines such as “Missle Strike: The USA kills more then 10000 Iranian citizens” (sic).
When a user installs the worm, it attempts to kill antivirus software, establishes a rootkit, and joins its own peer-to-peer network. To spread, the worm scans the local hard disks for email addresses and mails itself out as an email attachment with a name such as “Read More.exe”.
External links:
- “Email-Worm:W32/Zhelatin.CQ” (F-Secure)
- F-Secure