Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

E-Mail Message "Your Password!" Is A Virus

Posted on 16 July 2002.

Los Angeles, July 15, 2002

Panda Software, leading antivirus software producer, warns users of a new e-mail virus: W32/Frethem.K. While this e-mail worm carries a rather low threat level, it is spreading rapidly throughout Europe. The e-mail message carries only one subject field: "Re: Your password!" and, as Klez, exploits the vulnerability in Internet Explorer 5.01 and 5.5 that allows the virus to run automatically when the user views the message in the preview pane.

Unlike Klez, the worm carries only one subject line:

Re: Your password!

The text of the message reads as follows:

ATTENTION!
You can access
very important
information by
this password
DO NOT SAVE
password to disk
use your mind
now press
cancel

Attachments (attached files):
Decrypt-password.exe
Password.txt

The initial variant of this worm, Frethem.G, appeared Saturday, with very few incidents reported. The variant, Frethem.K appeared this morning and is spreading rapidly throughout Europe, with many incidents reported in Denmark, Belgium, Spain and Asia. It is suspected the worm originated in Asia.

Panda Software has updated their signature files to detect and disinfect the Frethem.K worm and its variants. As the subject line is always the same, "Re: Your Password!" content filtering is suggested to prohibit the worm from entering the user's computer. Panda warns all users to exercise caution when viewing e-mail messages and attachments, and to update their virus signature files immediately from their website at: http://www.pandasoftware.com. Users whose computers have been infected by Frethem can download the updated version of the free disinfection tool PQREMOVE from http://www.pandasoftware.com. More information on W32/Frethem.K is available in Panda Software's Virus Encyclopedia at: http://www.pandasecurity.com.

It is also advisable to apply the security patch supplied by Microsoft that fixes the vulnerability exploited by the virus. This can be downloaded from: http://www.microsoft.com/technet/security/bulletin/MS01-020.ASP.

About the International Independent AV Developer:

Panda Software (http://www.pandasecurity.com) is a leading international developer of computer security software for all types of customers: corporate clients, small and medium sized companies and home users. Panda's 100% in-house, cutting-edge technology has received awards and quality certifications from the most widely respected IT security institutions. Panda Software was the first to allow truly automatic, daily signature updates, as well as centralized administration of antivirus protection, both of which have revolutionized the antivirus industry. The quality of Panda Software's products has been endorsed by the major industry watchdogs including Virus Bulletin, ICSA Labs and CheckMark.