News

Goner Mass-Mailing Worm Makes the Rounds

A new mass-mailing worm made the rounds on Tuesday, flooding corporate e-mail inboxes with messages marked with the subject line "Hi" and carrying a screen-saver attachment.

According to Symantec Security Response, the worm, called "Goner" or W32.Goner.A@mm, is a Visual Basic script with a screen-saver attachment.

When recipients click on the screen-saver attachment, they see an error message designed to fool them into thinking the attachment may have been legitimate. Behind the scenes, the worm is mailing itself to the user's Outlook Address Book, attempting to delete anti-virus processes and inserting a Registry key.

Goner can also spread its infection via the ICQ and IRC networks, Symantec said.

The attachment title is goner.scr. The body of the e-mail, with typos included, reads: "How are you ? When I saw this screen saver, I immediately thought about you. I am in a harry, I promise you will love it!"

Symantec rated the worm's severity as a 3 on a scale of 5.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Expands Azure AD Password Lengths, Adds Conditional Access Controls

    Microsoft announced a couple of Azure Active Directory enhancements this week regarding password lengths and new conditional access controls for IT pros.

  • Attack Surface Analyzer 2.0 Available for Checking Software Installs

    Microsoft this week described Attack Surface Analyzer 2.0, an updated tool for checking software installations that's now built using open source code.

  • What Causes Hyper-V Replication Failures?

    Hyper-V replication failures happen rarely, but their impact can be catastrophic when they do. Know the scenarios that are likely to trigger a replication failure.

  • Microsoft Touts Using HyperClear To Address Intel Processor Woes

    Microsoft is again promoting its HyperClear Hyper-V hypervisor technology as a potential balm for organizations trying to come to grips with Intel's latest speculative execution side-channel attack disclosures.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.