Contact
QR code for the current URL

Story Box-ID: 372345

Symantec (Deutschland) GmbH c/o Regus Munich 5 Höfe Rosenheimer Strasse 143c 81671 München, Germany http://www.symantec.de
Company logo of Symantec (Deutschland) GmbH c/o Regus Munich 5 Höfe
Symantec (Deutschland) GmbH c/o Regus Munich 5 Höfe

Fast Spreading Threat Infecting Computers Around the Globe

Norton Tracking New Threat Affecting Potentially Hundreds of Thousands of Computers

(PresseBox) (Ratingen, )
Symantec Security Response began actively tracking a new, malicious computer worm that spreads using a socially engineered email attack.

The threat arrives via an email that asks the recipient to click on a link embedded in the email. This link actually points to a malicious program file that is disguised as a PDF file, hosted on the Internet.

When the user clicks on this link, their computer instantly downloads and launches the malicious file. This process installs the worm onto the victim's computer- without the user knowing!

Initial analysis indicates that the worm disables many common antivirus products (but it does not successfully attack Norton/Symantec products). Once running on the computer, the threat attempts to email a copy of the original email to all email addresses found in the infected user's email address book.

The threat also attempts to spread from computer to computer over the local network (to other machines on your home or office network) by copying itself to open drive shares found on other machines on the network. Once the threat copies itself to another machine, if a user even opens the folder that contains the threat on this new machine, this will launch the threat and cause it to spread further through both email and over shared drives.

Threat Details: The worm uses email for its initial propagation (an email purporting to include a link to a requested document). Once inside corporations it can spread rapidly via shared drives and removal drives. It also attempts to spread via email by gathering email addresses from the compromised computer.

Once the link is followed, it proceeds to download the actual malicious threat W32.Imsolk.B@mm which infects the compromised machine.

Because of how the threat is spreading - through the use of email - and due to the large volume of messages being automatically created, we have seen evidence of email servers getting "clogged" with these messages, becoming overwhelmed and being brought to a standstill.

Experts/Tips:

Security experts are on hand to share tips with users on how they can protect themselves from these kinds of scams, including:
- Disable network sharing and/or disconnect infected computers from the local network and Internet.
- Block outbound traffic to the domains/ IP addresses contained in the social engineered email to prevent users connecting to distribution sites to download.
- Use a complete Internet security suite like Norton Internet Security 2011, which can detect and remove the threat.
- Additional information may be found on the Symantec Security Response Blog at: http://www.symantec.com/...
The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.
Important note:

Systematic data storage as well as the use of even parts of this database are only permitted with the written consent of unn | UNITED NEWS NETWORK GmbH.

unn | UNITED NEWS NETWORK GmbH 2002–2024, All rights reserved

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.