Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Beware of Frethem Worm

Posted on 16.07.2002

In the latest press release, Panda Software warns users of a new e-mail virus: W32/Frethem.K. While this e-mail worm carries a rather low threat level, it is spreading rapidly throughout Europe (this is possibly a questionable assumption). The e-mail message carries only one subject field: "Re: Your password!" and exploits the vulnerability in Microsoft Internet Explorer versions 5.01 and 5.5. This older vulnerability allows the virus to run automatically when the user views the message in the preview pane.

Update 2.50 am 17 July 2002 - Added BitDefender Anti Frethem utility under solutions section, BitDefender Frethem analysis and press release and RTVR statistics are refreshed)

Worm information:

Panda Software on HNS: E-Mail Message "Your Password!" Is A Virus
Kaspersky Labs on HNS: I-Worm.Frethem.e Analysis
Sophos: W32/Frethem-Fam Analysis
Trend Micro: Worm_Frethem.K Analysis
Symantec: W32.Frethem.K@mm Analysis
McAfee: W32/Frethem.l@MM Analysis
Eset (NOD32): Win32/Frethem.L Worm Analysis
BitDefender: Win32.Frethem.J/K@mm Analysis
BitDefender on HNS: High risk of spreading for the Frethem virus
ZDNet: New worm: Wanna know a secret?

Solutions:

1) This worm exploits the same vulnerability in Internet Explorer 5.01 and 5.5 that Klez did. Microsoft released a security bulletin and patch for this problem on March 29, 2001. Advisory was titled "Microsoft Security Bulletin (MS01-020) - Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" (link is here). As noted in this bulletin: The above patch has been supserseded by the IE 5.01 and 5.5 patches discussed in MS01-027 (link is here)
2) As the subject line of an e-mail containing this worm is always the same (Re: Your password!) it should be easy to use content filtering for stopping this worm crawl the gateways.
3) Besides infecting and carrying out other destructive actions, W32/Frethem.K makes certain changes to the configuration of your computer as it modifies the Windows registry. Panda Software offers a tool that makes it possible to restore the original configuration of your computer: PQREMOVE (link is here). Contact information is needed for downloading this freeware tool.
4) BitDefender released Anti Frethem tool which is available from our software section:
http://www.net-security.org/software.php?id=206

BitDefender RTVR statistics [Last 7 days section - 2.51 am 17 July 2002):
Source: http://www.net-security.org/v/bd/RTVR/rtvr_7days.php