Beware of Frethem Worm
Posted on 16.07.2002
In its latest press release, Panda Software warns users of a new e-mail virus: W32/Frethem.K. While this e-mail worm carries a rather low threat level, it is spreading rapidly throughout Europe (this is possibly a questionable assumption). The e-mail message always carries the same subject line, "Re: Your password!", and exploits a vulnerability in Microsoft Internet Explorer versions 5.01 and 5.5. This older vulnerability allows the virus to run automatically when the user views the message in the preview pane.



(Update 2.50 am 17 July 2002 - Added the BitDefender Anti Frethem utility under the Solutions section, added the BitDefender Frethem analysis and press release, and refreshed the RTVR statistics)



Worm information:

Panda Software on HNS: E-Mail Message "Your Password!" Is A Virus
Kaspersky Labs on HNS: I-Worm.Frethem.e Analysis
Sophos: W32/Frethem-Fam Analysis
Trend Micro: Worm_Frethem.K Analysis
Symantec: W32.Frethem.K@mm Analysis
McAfee: W32/Frethem.l@MM Analysis
Eset (NOD32): Win32/Frethem.L Worm Analysis
BitDefender: Win32.Frethem.J/K@mm Analysis
BitDefender on HNS: High risk of spreading for the Frethem virus
ZDNet: New worm: Wanna know a secret?



Solutions:

1) This worm exploits the same vulnerability in Internet Explorer 5.01 and 5.5 that Klez did. Microsoft released a security bulletin and patch for this problem on March 29, 2001. The advisory was titled "Microsoft Security Bulletin (MS01-020) - Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" (link is here). As noted in this bulletin: The above patch has been superseded by the IE 5.01 and 5.5 patches discussed in MS01-027 (link is here).
2) As the subject line of an e-mail containing this worm is always the same (Re: Your password!), it should be easy to use content filtering to stop this worm from crawling through the gateways.
3) Besides infecting and carrying out other destructive actions, W32/Frethem.K changes the configuration of your computer by modifying the Windows registry. Panda Software offers a tool that makes it possible to restore the original configuration of your computer: PQREMOVE (link is here). Contact information is needed for downloading this freeware tool.
4) BitDefender released an Anti Frethem tool, which is available from our software section:
http://www.net-security.org/software.php?id=206
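
The subject filter suggested in point 2, sketched as a gateway check; this is an added example, not code from Help Net Security or any vendor named here. It also flags the MIME-type mismatch behind MS01-020 as a second signal, which goes beyond the article's subject-only suggestion. The extension and content-type lists, the function names and the sample message are assumptions.

```python
import email
from email import policy

FRETHEM_SUBJECT = "re: your password!"  # subject line quoted in the article
# Assumed lists for illustration; tune them to local mail policy.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload"}

def normalised_subject(msg):
    # policy.default unfolds the header and decodes RFC 2047 encoded-words,
    # so an encoded or folded subject cannot slip past a plain string match.
    return " ".join(str(msg["Subject"] or "").split()).lower()

def mime_mismatches(msg):
    # Heuristic for the MS01-020 pattern: an executable file name declared
    # under a content type that does not describe an executable.
    hits = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if name.endswith(EXEC_EXTS) and ctype not in EXEC_TYPES:
            hits.append((name, ctype))
    return hits

def verdict(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    if normalised_subject(msg) == FRETHEM_SUBJECT:
        reasons.append("subject")
    if mime_mismatches(msg):
        reasons.append("mime-mismatch")
    return reasons  # an empty list means nothing matched

# Constructed sample message (not a captured Frethem e-mail).
SAMPLE = (
    b"From: a@example.invalid\r\n"
    b"Subject: =?iso-8859-1?Q?Re:_Your_password!?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b'--b1\r\nContent-Type: audio/x-wav; name="sample.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n"
)

if __name__ == "__main__":
    print(verdict(SAMPLE))
```
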



BitDefender RTVR statistics (Last 7 days section - 2.51 am 17 July 2002):
Source: http://www.net-security.org/v/bd/RTVR/rtvr_7days.php

Virus Name            Infected files   Infected systems
Win32.Frethem.J@mm    2714             509









