Derdero A/B/C - New sophisticated email worm
Three variants of this new worm surfaced over the weekend. It is as advanced as MyDoom, Netsky, and other email worms, so this new family is worth monitoring.
W32.Derdero.A@mm is a mass-mailing worm that uses its own SMTP engine to send email to addresses that it retrieves from the Windows Address Book. The email will have a variable subject and attachment name. It also attempts to spread through file-sharing programs and infects all .exe files on the C drive.
Large scale e-mailing: Sends itself to addresses found in the Windows Address Book.
Deletes files: n/a
Modifies files: Infects .exe files. Modifies the Hosts file.
Degrades performance: Slows down computer.
Causes system instability: Due to the overwriting of .exe programs, many programs will fail to run.
Releases confidential info: n/a
Compromises security settings: Attempts to end some security-related processes.
Subject of email: Varies
Name of attachment: Varies with a .cmd, .exe, .pif, .scr, or .zip file extension. The file may also have a double-extension ending in one of the previous extensions.
Size of attachment: n/a
Time stamp of attachment: n/a
Shared drives: n/a
Target of infection: Attempts to spread through file-sharing networks by copying itself to folders which contain the string "shar" in their name.
From: <Spoofed> - One of the following:
Subject - One of the following:
URGENT PLEASE READ!
New Worm Alert
Malware Avoidance tips
Message Body - One of the following:
Your Email account information has been removed from the system due to inactivity. To renew your account information refer to the attachment
We regret to inform you that your account has been hijacked and used for illegal purposes. The attachment has more information about what has
Our Email system has received reports of your account flooding email servers. There is more information on this matter in the attachment
Due to recent internet attacks, your Email account security is being upgraded. The attachment contains more details
Our server is experiencing some latency in our email service. The attachment contains details on how your account will be affected.
A new worm is circulating around. To protect yourself, read the attached
Please run the urgent patch attached to protect yourself from a new
As a service to our users, we have attached a note on avoiding malware.
Attachment - One of the following:
Extensions - One of the following:
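As an added example (not part of the original advisory and not vendor code), the following Python code shows how a mail filter could flag the attachment naming pattern and the subject lines listed above. The function names, the rule that an inner extension is 2 to 4 letters, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory text above.
RISKY_EXTS = {".cmd", ".exe", ".pif", ".scr", ".zip"}
SUBJECTS = {"urgent please read!", "new worm alert", "malware avoidance tips"}


def classify_attachment(filename):
    """Return 'double-extension', 'risky-extension' or None for a filename."""
    # Windows ignores trailing dots and spaces, so strip them before testing.
    name = filename.strip().lower().rstrip(". ")
    parts = name.rsplit(".", 2)
    if len(parts) < 2 or "." + parts[-1] not in RISKY_EXTS:
        return None
    # Assumption: an inner extension is 2-4 letters ("doc", "txt", "jpeg"),
    # so a version number such as "v1.2.zip" is not treated as one.
    if len(parts) == 3 and parts[0] and parts[1].isalpha() and 2 <= len(parts[1]) <= 4:
        return "double-extension"
    return "risky-extension"


def scan_message(raw_bytes):
    """Return (indicator, value) findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", "")).strip()
    # The subject varies, so a match is supporting evidence only.
    if subject.lower() in SUBJECTS:
        findings.append(("known-subject", subject))
    for part in msg.walk():  # walk() also reaches nested MIME parts
        filename = part.get_filename()
        verdict = classify_attachment(filename) if filename else None
        if verdict:
            findings.append((verdict, filename))
    return findings


def build_sample():
    """Constructed sample message, not a captured Derdero email."""
    m = EmailMessage()
    m["From"] = "support@example.com"
    m["Subject"] = "New Worm Alert"
    m.set_content("See the attachment.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="details.txt.scr")
    return m.as_bytes()
```

Because the From address is spoofed and the subject varies, the attachment name is the more durable of the two signals.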