WORM_FREGIT (low risk)

Discussion in 'malware problems & news' started by Randy_Bell, Nov 22, 2002.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    WORM_FREGIT.A and its variants, WORM_FREGIT.B and WORM_FREGIT.C, are non-destructive, memory-resident, non-encrypted worms that use Microsoft Outlook to send themselves as attachments to an email message sent to all addresses listed in the infected user's Microsoft Outlook address book.

    These worms arrive in an email as an attachment named FreeGift.scr. Upon execution, the worm copies itself to a FreeGift.scr file in the Windows System directory and creates a registry entry so that its dropped copy, FreeGift.scr, automatically executes at every Windows startup.

    The email subject line of the message it sends, is chosen from a fixed list of possibilities, and the message body contains the following (the message starts and ends with any of the following):

    Message Body:

    >>>>>>><<<<<<<>>>>>>><<<<<<<>>>>>>><<<<
    --------------------------------------------------------------
    ========================================
    *************************************************************
    ###########################################
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Free Gift" Requested For: <Recipient>

    This email was originally requested by this very kind person to send you a free gift! Your free gift (in the atachments) is an installation package that will download your free software (along with a setup file) from our home page (http://www.freegift.<ext> /)

    If you have any setup difficulties or troubleshooting on how to use the setup, contact and you will be emailed back shortly.

    Have fun with your free gift!

    Attachment: Free_Gift.scr

    The extension of the URL provided in the email message may be .net, .com, or .co.uk. The worm randomly selects the creator's address from three fixed lists of possibilities.

    If you would like to scan your computer for any of the variants of WORM_FREGIT or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.trendmicro.com

    WORM_FREGIT.A, WORM_FREGIT.B, and WORM_FREGIT.C are detected and cleaned by Trend Micro pattern file #388 and above.
     
Loading...
Thread Status:
Not open for further replies.