(Update 2.50 am 17 July 2002 - Added BitDefender Anti Frethem utility under solutions section, BitDefender Frethem analysis and press release and RTVR statistics are refreshed)
Panda Software on HNS: E-Mail Message "Your Password!" Is A Virus
Kaspersky Labs on HNS: I-Worm.Frethem.e Analysis
Sophos: W32/Frethem-Fam Analysis
Trend Micro: Worm_Frethem.K Analysis
Symantec: W32.Frethem.K@mm Analysis
McAfee: W32/Frethem.l@MM Analysis
Eset (NOD32): Win32/Frethem.L Worm Analysis
BitDefender: Win32.Frethem.J/K@mm Analysis
BitDefender on HNS: High risk of spreading for the Frethem virus
ZDNet: New worm: Wanna know a secret?
1) This worm exploits the same vulnerability in Internet Explorer 5.01 and 5.5 that Klez did. Microsoft released a security bulletin and patch for this problem on March 29, 2001. The advisory was titled "Microsoft Security Bulletin (MS01-020) - Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" (link is here). As noted in this bulletin, the above patch has been superseded by the IE 5.01 and 5.5 patches discussed in MS01-027 (link is here).
2) As the subject line of an e-mail containing this worm is always the same (Re: Your password!), content filtering on that subject should make it easy to stop this worm at the gateways.
3) Besides infecting and carrying out other destructive actions, W32/Frethem.K makes certain changes to the configuration of your computer as it modifies the Windows registry. Panda Software offers a tool that makes it possible to restore the original configuration of your computer: PQREMOVE (link is here). Contact information is needed for downloading this freeware tool.
4) BitDefender released an Anti Frethem tool, which is available from our software section:
BitDefender RTVR statistics (Last 7 days section - 2.51 am 17 July 2002):
|Virus Name||Infected files||Infected systems|
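
A gateway content filter along the lines of items 1 and 2 above, as an added example that is not part of the original article: it quarantines on the fixed subject line and also on an executable attachment declared under a media MIME type. The extension list, the MIME-type list and both sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

FRETHEM_SUBJECT = "re: your password!"  # fixed subject line given in item 2
# Assumption: extensions the gateway treats as executable (not from the article).
EXEC_EXT = (".exe", ".pif", ".scr", ".bat", ".com")
# Assumption: MIME type families a mail client may render without asking.
AUTO_TYPES = ("audio/", "image/", "video/")

def inspect_message(raw_bytes):
    """Return a list of reasons to quarantine the message (empty list = pass)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # Collapse whitespace and case so folded or re-spaced subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject == FRETHEM_SUBJECT:
        reasons.append("subject matches Frethem")
    for part in msg.walk():
        # get_filename() also falls back to the Content-Type "name" parameter.
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if name.endswith(EXEC_EXT) and ctype.startswith(AUTO_TYPES):
            reasons.append(f"MIME mismatch: {name} declared as {ctype}")
    return reasons

# Constructed sample: fixed subject plus a mislabeled attachment (dummy payload).
SAMPLE_SUSPECT = (
    b"Subject: Re:  Your password!\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"placeholder body\r\n"
    b"--b1\r\n"
    b'Content-Type: audio/x-wav; name="sample.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)
# Constructed sample: ordinary plain-text mail that should pass.
SAMPLE_CLEAN = b"Subject: Re: lunch\r\nContent-Type: text/plain\r\n\r\nsee you at noon\r\n"

if __name__ == "__main__":
    for label, raw in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(label, inspect_message(raw))
```

The attachment check is independent of the subject, so it still fires if a later variant changes the subject line but keeps the mislabeled attachment.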