Password-Touting E-Mail Worm Spreads

The W32.Frethem.K worm uses its own SMTP (Simple Mail Transfer Protocol) engine to send itself to e-mail addresses it finds in the Microsoft Windows Address Book, and in the .dbx (Microsoft Outlook Express), .wab, .mbx, .eml, and .mdb files, according to Symantec.

The worm carries an attachment, Decrypt-password.exe and Password.txt, and a message that reads, "You can access very important information by this password. DO NOT SAVE password to disk use your mind now press cancel."

Frethem.K exploits a MIME (Multipurpose Internet Mail Extensions) header vulnerability in Internet Explorer, Network Associates' McAfee AVERT said. On systems with unpatched versions of IE, the file attachments automatically execute when the message is previewed or opened in Outlook and Outlook Express, according to Trend Micro.

Symantec rated the worm as a three, on a threat scale of one to five with five being the most serious. The company said it received 112 submissions of Frethem.K, including 25 from corporations.

Both McAfee AVERT and Trend Micro rated the worm as a medium risk.