Kaspersky warns of new worm attack

Published February 27, 2014 11:38am

Cybercriminals are at it again, trying to infect victims with a worm via a series of social engineering campaigns, a security vendor said.

Kaspersky Labs said the latest wave of threats came as email messages trying to convince the recipients to open the attached files.

"Recently ... we saw a series of messages persistently sent to the same email address. Apparently, the attacker’s main goal was to infect that computer – all emails, no matter what their headers were, contained Email-Worm.Win32.NetSky.q," Kaspersky researcher Tatiana Kulikova said.

Kulikova said the worm, upon infecting a computer, finds all the email addresses in it and copies itself to them.

It would use specific short phrases and avoiding any email addresses that may be directly associated with IT security providers like antivirus companies, Kulikova added.

According to Kulikova, the first message Kaspersky detected claimed to be from PayPal, and that a bill for the user was contained in the attachment.

"However, alert users might recall that PayPal typically includes billing information in the body text, and not in an attached file," Kulikova said.

A second email claimed to come from USA Hosting administration, and also tried to convince the user to open the attachment.

The third email supposedly came from antivirus maker Symantec - with a virus signature from rival Bitdefender.

Kulikova reminded users to exercise extra caution when dealing with any email that arrives with attachments.

"It’s important to remember that any official letter should have the appropriate design – and authentic logos and signatures. If users are uncertain about the identity of the sender, it’s worth contacting the company’s technical support line for confirmation," Kulikova said. — TJD, GMA News

Tags: kaspersky, malware