A new mass-mailing trojan worm called “NAKEDWIFE” is circulating and, if executed, can delete files that are necessary for everyday computer operation, several computer security companies confirmed Tuesday.
Trend Micro Inc. began getting reports of the trojan worm that spreads through e-mail at 8 a.m. PST Tuesday, as nine U.S. organizations, including a telecommunications company and a government agency, reported the worm, said Susan Orbuch, a company spokeswoman. The worm is currently in the wild and is rated a “medium” security risk by Trend Micro, she said.
“It would go to a red alert if we went to other regions of the world,” Orbuch said. “Right now, we are only getting reports from the United States”
McAfee, a division of Network Associates Inc., also reported that 25 corporate clients, including Fortune 500 companies, had identified the trojan worm and the company rated it a “high risk.” Computer Associates International Inc. and Central Command Inc. also reported the worm.
The trojan worm is spread through Microsoft Outlook, sending an e-mail to every e-mail address in the infected user’s address book, security firms said. The worm is known as NAKEDWIFE, W32/Naked@MM, W32.HLLW.JibJab@mm.
When the trojan is executed, it displays a “Flash” window that states “JibJab loading.” While the file loads, the trojan deletes DLL (Dynamic Link Library), INI (initialization files), EXE (execution files), BMP (picture files) and COM (resource) files in the Windows and system directories, according to Trend Micro. In other words, the worm deletes files used for everyday computer operation, Orbuch said.
The trojan, which was written in VBS (Visual Basic Script), sends out the same mail as an e-mail attachment. The mail has a subject line that reads “FW: Naked Wife.” It has a message body that reads “My Wife never look like that :), Best Regards.” The attachment is named NakedWife.EXE.
After the e-mail is sent out, the trojan then displays another message.
“You’re now (F—–!) (c) 2001 By BGK (Bill Gates Killer),” the message reads, according to Trend Micro.
A bit of “social engineering” is going on with worms like the NakedWife worm, Orbuch said. Some users are intrigued by the title and open it, she said.
“I step back and say ‘Why are people opening files that say ‘NakedWife'” at work, Orbuch said.
Companies should consider security measures that eliminate EXE and VBS files gaining access to a corporate network, she said. Users also should know they should not open the attachments, she said.
Trend Micro, in Tokyo, can be reached at its North American headquarters in Cupertino, Calif., at http://www.antivirus.com/.McAfee Corp., in Sunnyvale, Calif., can be contacted at http://www.mcafee.com/. CA, based in Islandia, N.Y., can be reached at http://www.ca.com/.
