This thing is spreading like wildfire. Which is sad, because it's one of the worst attempts at social engineering ever. We should go beat the people who actually ran these attachments.

It has the potential to be nasty. There is some “innocent looking“ stuff it does with notepad, which might lead the user to believe that it's harmless. It copies itself to taskmon.exe in your system directory, opens a backdoor on TCP port 3217, launches a DDoS against sco.com, and harvests e-mails from files (such as HTML, TXT and PHP). It also attempts to propogate not only over e-mail but over KaZaa (see? RIAA was right - downloading music is bad for you :).

In my mind, the worst thing about it is that it spoofs e-mail. So someone's probably out there getting e-mails from me, cursing me out that I've sent them a virus. But it wasn't me, it was someone who had me in their contacts and was infected.

I hope I don't have to change my e-mail again...  :)


blog comments powered by Disqus