Virus alert (not a hoax!)


Margreet

Posts: 18325
Registered: 24-08-01

Posted by the topic starter: 12-06-02 20:50

Just got an email from Norman. This seems to be serious...

http://www.norman.no/virus_info/w32_frethem_e_mm.shtml

W32/Frethem.E@mm

General characteristics
Type: Worm
Spreading mechanism: Email
Email characteristics:
Subject: Re: Your password!
Body:

ATTENTION!

You can access
very important
information by
this password

DO NOT SAVE
password to disk
use your mind

now press
cancel



Attachment: decrypt-password.exe
Destructivity: None
Detected by virus detection files published: 11 Jun 2002
Virus characteristics first published: 11 Jun 2002 (CET)

Additional description of malicious program
Type
This is an email worm that sends itself to addresses found in the Windows Address Book and other sources. File size is 35840 bytes.

Spreading mechanism
The worm uses the same technique as the W32/Klez worm in order to execute automatically on opening or previewing the mail.

This is accomplished using a known security hole "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment".
Information and a patch are available from:
http://www.microsoft.com/technet/treevi ... 01-020.asp


The worm also makes a copy of itself in the path <WINDIR>\Start Menu\Programs\Startup\setup.exe to ensure that it is started at bootup. This will only work on English language installations of Windows.

The worm may contact a number of different web servers and attempt to issue commands to a CGI script residing on these servers. The function of this script is not clear yet.


Further comments
The worm is not fully analysed yet.

Nulla tenaci invia est via
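
A mail-filter check for the indicators listed in the advisory above, added here as an example (it is not part of the original post or of Norman's tooling). The executable-extension list, the set of "passive" content types, the finding labels and the helper names are assumptions; the sample messages are constructed and carry a zero-filled attachment.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the advisory text.
SUBJECT = "Re: Your password!"
ATTACHMENT = "decrypt-password.exe"
SIZE = 35840  # bytes; assumes the attachment is the unmodified worm file

# Assumptions (not from the advisory): which extensions count as executable
# and which declared main types a mail client would treat as passive media.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")
PASSIVE_TYPES = {"audio", "video", "image", "text"}


def scan_message(raw: bytes) -> list:
    """Return the findings for one raw RFC 822 message, in detection order."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if str(msg["Subject"] or "").strip().lower() == SUBJECT.lower():
        findings.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if part.is_multipart() or not name:
            continue
        if name == ATTACHMENT:
            findings.append("attachment-name")
            if len(part.get_payload(decode=True) or b"") == SIZE:
                findings.append("attachment-size")
        # Declared type says "media", file name says "program": the mismatch
        # behind the MIME-header hole the advisory names, whatever the file name.
        if name.endswith(EXEC_EXT) and part.get_content_maintype() in PASSIVE_TYPES:
            findings.append("mime-mismatch")
    return findings


def build_sample(subject, filename, maintype, subtype, size) -> bytes:
    """Constructed test message with a zero-filled (inert) attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"\0" * size, maintype=maintype, subtype=subtype,
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample(SUBJECT, ATTACHMENT, "audio", "x-wav", SIZE)))
    print(scan_message(build_sample("Minutes", "minutes.pdf", "application", "pdf", 100)))
```

The subject and file-name matches only catch this one variant; the `mime-mismatch` finding is the one that keeps working when those strings change.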

