An e-mail worm called "Gruel" is beginning to spread on the
internet and over the Kazaa peer-to-peer network, according to
antivirus company TruSecure.Gruel is a mass-mailer that masquerades as a
Windows software patch from Microsoft and as a virus removal tool
from Symantec.
Like other mass-mailing worms, Gruel spreads
by stealing e-mail addresses from an infected computer's Microsoft
Outlook address book and mailing copies of itself to those
addresses.
The worm deletes files from machines it
infects and copies itself into various locations, including folders
used by Kazaa network, enabling it to spread further.
TruSecure received word of five infections and
fielded around 20 calls from users who have received e-mail
messages containing the virus, according to Bruce Hughes, content
security lab manager at TruSecure.
While the number of infections is still low,
Gruel has a number of characteristics that have allowed other worms
to successfully spread in recent months.
In addition to its clever use of so-called
"social engineering" tricks such as using the names of Microsoft
and Symantec to fool recipients, the coupling of mass-mailing
techniques and features to spread over peer-to-peer networks makes
Gruel dangerous, Hughes said.
Unlike other worms, however, Gruel does not
spread over shared folders on local area networks.
While most organisations have antivirus
software that will block or quarantine the executable attachment
containing the Gruel virus, home users without such protections are
likely to bear the brunt of the new worm.
Infected home systems could soon start
bombarding corporate mail gateways with infected messages, Hughes
warned.
Paul Roberts writes for IDG News Service