Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
New Worm Masquerades As Microsoft PatchNew Worm Masquerades As Microsoft Patch
The infection modifies settings in Windows machines and attempts to delete key system files.
1 Min Read
Several security firms have identified a new worm that poses as a critical software patch from Microsoft or an antivirus update from Symantec Corp.
The worm, which for the moment goes by multiple name, including W32.Gruel@mm and W32/Fakerr@mm, modifies a slew of system settings in Microsoft Windows machines and attempts to delete a host of crucial system files.
Like most worms, Gruel/Fakerr propagates via E-mail by lifting addresses from the Microsoft Outlook address book. However, it can also spread through the Kazaa file-sharing network. If the attached executable files are run, the worm modifies the Windows Registry, and tries to erase important system files, including all the .dll, .com, and .exe files in Windows' System32 folder.
While infection rates are currently very low and users armed with updated anti-virus software are protected, Gruel/Fakerr may get some traction because of its disguise. Two of the three variants of the worm masquerade as E-mails from Microsoft, and carry the subject heading "Microsoft Windows Critical Update."
Coincidentally or not, Microsoft announced three security flaws, including one it rates as critical, on Wednesday, just hours before the new worm was discovered. Users who have noticed mentions in the media of the Microsoft vulnerabilities might take it upon themselves to launch the attached file.
Gruel/Fakerr isn't the first worm to propagate via both E-mail and peer-to-peer networks such as Kazaa. In mid-May, the Fizzer worm also attempted to spread by copying itself to Kazaa shared folders.
About the Author
You May Also Like
More Insights
