'Newsletter' worm targets Outlook

From...

By Brian Sullivan

(IDG) -- Security experts around the world are warning of a new virus that uses Microsoft Outlook e-mail software to replicate itself by sending out mass e-mails that may destroy some Windows files.

The virus, called W32.Yarner.A@mm, emerged earlier this week in Europe, where it masquerades as a newsletter published by a German security group Trojaner Info, according to a statement on Trojaner's Web site. (The Web site is in German with no English translation.)

The statement said an unknown person started the worm and uses the names of Trojaner staffers, Thomas Tietz and Andreas Ebert, at the end of the message.

IDG.net INFOCENTER Computerworld main page Free daily newsletters Visit an IDG site Choose a site: IDG.net CIO Computerworld Darwin Dummies.com GamePro.com The Industry Standard ITWorld.com InfoWorld.com JavaWorld LinuxWorld Macworld Online Network World Fusion PC World Publish.com UnixInsider IDG.net search

According to reports by Abingdon, England-based Sophos Anti-Virus and Cupertino, California-based Symantec Corp., the worm arrives in an e-mail with the subject line "Trojaner Info Newsletter" and the current date. Inside, users find a message in German and an attachment named yawsetup.exe.

The worm then burrows into a user's system and replicates itself via the user's address book and by searching files with the extensions .php, .htm, .shtm, .cgi, and .pl, according to Symantec.

Symantec said the virus can delete files related to Windows but that it's easy to contain and hasn't spread very far.

Bill Pollak at CERT Coordination Center , a security research and information service at Carnegie Mellon University in Pittsburgh, said the group is monitoring the virus but hasn't issued an advisory.