News

'Gruel' worm poses as Microsoft patch and Symantec tool

An e-mail worm called "Gruel" is beginning to spread on the internet and over the Kazaa peer-to-peer network, according to antivirus company TruSecure.

Gruel is a mass-mailer that masquerades as a Windows software patch from Microsoft and as a virus removal tool from Symantec.

Like other mass-mailing worms, Gruel spreads by stealing e-mail addresses from an infected computer's Microsoft Outlook address book and mailing copies of itself to those addresses.

The worm deletes files from machines it infects and copies itself into various locations, including folders used by Kazaa network, enabling it to spread further.

TruSecure received word of five infections and fielded around 20 calls from users who have received e-mail messages containing the virus, according to Bruce Hughes, content security lab manager at TruSecure.

While the number of infections is still low, Gruel has a number of characteristics that have allowed other worms to successfully spread in recent months.

In addition to its clever use of so-called "social engineering" tricks such as using the names of Microsoft and Symantec to fool recipients, the coupling of mass-mailing techniques and features to spread over peer-to-peer networks makes Gruel dangerous, Hughes said.

Unlike other worms, however, Gruel does not spread over shared folders on local area networks.

While most organisations have antivirus software that will block or quarantine the executable attachment containing the Gruel virus, home users without such protections are likely to bear the brunt of the new worm.

Infected home systems could soon start bombarding corporate mail gateways with infected messages, Hughes warned.

Paul Roberts  writes for IDG News Service


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy