F-Secure Spoof E-mail Breplibot worm

press@f-secure.com under attack

There’s a mass spamming underway right now. Somebody is sending out thousands of emails spoofed to be from “David Adams, Dept. Research, F-Secure Development (press@f-secure.com)”. Some emails were also spoofed from editor@f-secure.com or from info@f-secure.com.

These emails contain a new variant of the Breplibot worm. We’re right now shipping detection for it as “Breplibot.ae”.

The emails are not sent from our network, they are just spoofed to look like they are coming from an F-Secure address.

Source: F-Secure Blog

Microsoft Security Advisory (904420)

Microsoft has released a security advisory for the Win32/Mywife.E@mm e-mail malware.

Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.

Nyxem.E E-mail Worm

F-Secure upgraded Nyxem.E to Radar level 2 due to the increased number of reports.

The worm’s destructive payload activates on the third day of each month by replacing the content of the user’s files with the text string “DATA Error [47 0F 94 93 F4 K5]”. The affected file types are: doc, xls, mdb, mde, ppt, pps, zip, rar, pdf, psd and dmp.
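As an added example (not code from F-Secure or from this post), a small Python scanner that flags files of the listed types whose entire content has been replaced by the quoted marker string, which is what an administrator would want to run after the trigger date to find overwritten documents. The ASCII encoding of the marker and the sample file names are assumptions.

```python
import os
import sys
from pathlib import Path

# Marker string the post reports Nyxem.E writes over file contents (ASCII encoding assumed).
NYXEM_MARKER = b"DATA Error [47 0F 94 93 F4 K5]"

# File types the post lists as targets of the payload.
TARGET_EXTENSIONS = {".doc", ".xls", ".mdb", ".mde", ".ppt", ".pps",
                     ".zip", ".rar", ".pdf", ".psd", ".dmp"}


def is_nyxem_damaged(name: str, data: bytes) -> bool:
    """Return True when a file of a targeted type consists only of the marker.

    Genuine files of these types begin with format headers (e.g. "%PDF",
    "PK" for zip), so a file whose whole body is the marker string is a
    strong sign the payload overwrote it. Trailing newlines/NULs are tolerated.
    """
    if Path(name).suffix.lower() not in TARGET_EXTENSIONS:
        return False
    return data.strip(b"\r\n\x00") == NYXEM_MARKER


def scan_tree(root: str) -> list[str]:
    """Walk a directory tree and return the paths of files that look overwritten."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    # The marker is 30 bytes; reading a little more lets a longer
                    # (intact) file fail the comparison without loading it fully.
                    head = fh.read(64)
            except OSError:
                continue  # unreadable file: skip, do not crash the scan
            if is_nyxem_damaged(fname, head):
                hits.append(path)
    return hits


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in scan_tree(start):
        print("overwritten:", hit)
```

Files it reports should be restored from backup; the marker replaces the original content, so nothing is recoverable from the file itself.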

Detailed Information for Nyxem.E

UPDATE: Please see Microsoft Security Advisory 904420 and F-Secure 

What is going on here

Seeing this in my reader has not been pleasant lately… What can it be?

Edit: Here is an excerpt from the InfoWorld article

After being criticized for including rootkit-like cloaking software in its Norton SystemWorks product, security vendor Symantec Corp. is calling for an industrywide effort to define what the term “rootkit” actually means.

According to Russinovich, “motivation should be disconnected from the definition.” This opinion is at odds with the view of Symantec’s Weafer, who believes that the question whether the software developer had a malicious intent should count.