The first of the season's 9/11 anniversary worms has been detected by security firms this week, and more are likely to follow.
The worm, dubbed W32/Neroma@MM and Worm/Icebut.A by security vendors, typically shows 'Nice butt, baby!' in the e-mail message's body, displays the subject heading 'It's Near 911!', and disguises its payload as an attachment with the .jpg extension. Although the extension may fool some people into thinking it's a digital image--and launching the file--it's actually an executable that installs on the infected machine.
If recipients open this attachment, Neroma will try to delete files on the 1st, 4th, 8th, 12th, 16th, 20th, 24th, and 28th day of each month. Neroma propagates by mailing itself to addresses it culls from an infected system's Microsoft Outlook address book.
Although Neroma has been characterized as a minor threat by security firms--Sophos on Friday noted in a statement that "it poses a low threat to customers who practice safe computing"--it's likely only the first of several viruses and worms that will try to spread using 9/11 as an enticement to get recipients to open attachments.
News source: CRN