New Versions of The Worm "Frethem" Are Loose On The Internet!
17 Jul 2002
Kaspersky Lab warns all computer users of a large number of registered infections by new modifications of the "Frethem" Internet worm (modifications K and L).
To penetrate a system, "Frethem" exploits a 1 1/2-year-old vulnerability in the Internet Explorer security system (the IFRAME vulnerability). Because of this vulnerability, a system becomes infected the moment the infected e-mail is read. The message has the following characteristics:
Subject: Re: Your password!
You can access
DO NOT SAVE
password to disk
use your mind
Attached files: decrypt-password.exe, password.txt
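The message characteristics listed above can be turned into a mail-filter check. The following is an added example, not code from Kaspersky Lab: it matches the subject and attachment names quoted in this advisory against a raw message, and the quarantine rule, function names and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the advisory above.
SUBJECT = "re: your password!"
ATTACHMENTS = {"decrypt-password.exe", "password.txt"}

def frethem_indicators(raw):
    """Return the advisory indicators matched by one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    # Walk every MIME part: a part declared "inline" can still carry a
    # filename, so checking only attachment-disposition parts would miss it.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
    return hits

def should_quarantine(raw):
    """Assumed policy: the .exe name plus at least one other indicator."""
    hits = frethem_indicators(raw)
    return "attachment:decrypt-password.exe" in hits and len(set(hits)) >= 2

def build_sample(subject, files, disposition="attachment"):
    """Build a constructed test message (harmless placeholder bytes)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed body text")
    for fname in files:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=fname,
                         disposition=disposition)
    return m.as_bytes()

if __name__ == "__main__":
    worm_like = build_sample("Re: Your password!",
                             ["decrypt-password.exe", "password.txt"])
    benign = build_sample("Re: Your password!", ["notes.txt"])
    print(frethem_indicators(worm_like), should_quarantine(worm_like))
    print(frethem_indicators(benign), should_quarantine(benign))
```

Name-based matching only covers the variants described here; it complements, and does not replace, the anti-virus database update and the Internet Explorer patch.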
After an infected file is launched, the worm registers itself in the Windows system registry's start-up key, scans the system for files in the WAB (Windows Address Book) and DBX formats, and sends copies of itself to the e-mail addresses found there. In addition, "Frethem" installs on infected machines a utility allowing hidden remote administration, giving an intruder the chance to manage a user's system and install new versions of the "Frethem" worm family.
Protection against this malicious program has already been added to the Kaspersky Anti-Virus database. More detailed information about the "Frethem" family of Internet worms can be found in the Kaspersky Virus Encyclopedia.
Kaspersky Lab strongly recommends that users install the Internet Explorer patch that eliminates the vulnerability in the browser's security system. This will protect their computers not only against current threats but also against future worms that target the IFRAME vulnerability. The free-of-charge patch (included in the service pack) is available for download.