E-mail worm pretending to be a letter from Microsoft once again
Kaspersky Labs, a leading information security software developer, warns users about three new modifications of Dumaru, an email worm: versions .j, .k and .l. The unusual propagation techniques and high dissemination rate have resulted in infections worldwide, causing a new global outbreak.
Dumaru was first detected in September 2003 and has remained among the most active malicious programs ever since. The original worm was written in Russia, but subsequent versions appear to come from Germany. The latest versions of Dumaru contain only minor modifications. However, the multi-tier propagation method used to disseminate the malicious program has caused a worldwide outbreak within a matter of days.
Initial propagation was assured by the mass mailing of a message purportedly originating from Microsoft in which users were offered updates to their virus protection.
In reality, the message contains the Trojan program UrlSpoof. Once the link in the letter is activated, a new Internet window opens onto a Microsoft look-alike web site. Moreover, "UrlSpoof" utilizes a vulnerability in Internet Explorer, which allows the worm...