TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_FRETHEM.K
Overview
Solution

Malware type: Worm

Aliases: Email-Worm.Win32.Frethem.k (Kaspersky), W32/Frethem.k@MM (McAfee), W32.Frethem.K@mm (Symantec), Worm/Frethem.001 (Avira), W32/Frethem-K2 (Sophos), Worm:Win32/Frethem.J@mm (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This nondestructive, memory-resident variant of WORM_FRETHEM.D propagates via email. It arrives as an attachment in email with the following details:

Subject: Re: Your password!
Message Body:
ATTENTION!

You can access
very important
information by
this password

DO NOT SAVE
password to disk
use your mind

now press
cancel

Attachment: DECRYPT-PASSWORD.EXE
PASSWORD.TXT

On systems with unpatched Internet Explorer installations, the file attachments automatically execute when the email message is previewed or opened in Microsoft Outlook and Outlook Express.

This worm runs on Windows 98, NT, 2000, ME and XP. On Windows 95, it displays an empty message box and then terminates.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul. 15, 2002 12:16:09 AM GMT -0800
Description updated: Jul. 19, 2002 9:20:40 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.