Users should look out for an e-mail message with a subject line: "Thoughts..."
Inside, a short note reads: "I just found this program, and, i dont know why... but it reminded me of you. check it out." Inside the message is an attachment called Cute.exe.
Symantec and McAfee.com said the package unleashes a Trojan horse worm that will look for security programs inside a user's machine and attack them. Both companies have labelled the worm a "low" risk and offer instructions on their Web sites on how to remove it.
Symantec and McAfee describe the Trojan as a variant of the "Backdoor.Subseven" Trojan horse. Symantec named the Trojan W32.Tendoolf, while McAfee dubbed it W32/Floodnet@MM.
The program will also allow attackers to do the following:
- Send instant messages from an infected machine using either MSN Messenger or AOL Instant Messenger
- Send e-mail
- Initiate denial-of-service attacks
- Access, move, copy or delete files
- Access, move, copy or delete file transfer protocol files
The program will copy itself to the Windows directory and create two registry keys, McAfee.com's statement said. Two INI keys are also created, then the worm looks for E security programs - including antivirus and firewall programs - in memory and terminates them if found.