Last updated on April 19, 2014 at 7:10 EDT

Fast Spreading Threat Infecting Computers Around the Globe

September 9, 2010

CULVER CITY, Calif., Sept. 9 /PRNewswire/ –


    What/Why:  Thursday, Sept. 9th, 2010, Symantec Security Response began
               actively tracking a new, malicious computer worm that spreads
               using a socially engineered e-mail attack.

               The threat arrives via an e-mail that asks the recipient to
               click on a link embedded in the e-mail. This link actually
               points to a malicious program file that is disguised as a PDF
               file, hosted on the Internet.

               When the user clicks on this link, their computer instantly
               downloads and launches the malicious file. This process
               installs the worm onto the victim's computer without the user
               knowing!

               Initial analysis indicates that the worm disables many common
               antivirus products (but it does not successfully attack
               Norton/Symantec products). Once running on the computer, the
               threat attempts to e-mail a copy of the original e-mail to
               all e-mail addresses found in the infected user's e-mail
               address book.

               The threat also attempts to spread from computer to computer
               over the local network (to other machines on your home or
               office network) by copying itself to open drive shares found
               on other machines on the network. Once the threat copies
               itself to another machine, if a user even opens the folder
               that contains the threat on this new machine, this will launch
               the threat and cause it to spread further through both e-mail
               and over shared drives.

    Threat     The worm uses e-mail for its initial propagation (an e-mail
     Details:  purporting to include a link to a requested document).  Once
               inside corporations it can spread rapidly via shared drives
               and removable drives.  It also attempts to spread via e-mail by
               gathering e-mail addresses from the compromised computer.

               Once the link is followed, it proceeds to download the actual
               malicious threat W32.Imsolk.B@mm which infects the compromised
               machine.

               Because of how the threat is spreading - through the use of
               e-mail - and due to the large volume of messages being
               automatically created, we have seen evidence of e-mail
               servers getting "clogged" with these messages, becoming
               overwhelmed and being brought to a standstill.

    Experts/   Security experts are on hand to share tips with users on how
     Tips:     they can protect themselves from these kinds of scams,
               including:
               -- Disable network sharing and/or disconnect infected
               computers from the local network and Internet.
               -- Block outbound traffic to the domains/IP addresses
               contained in the socially engineered e-mail to prevent users
               connecting to distribution sites to download.
               -- Use a complete Internet security suite like Norton Internet
               Security 2011, which can detect and remove the threat.
               -- Additional information may be found on the Symantec
               Security Response Blog at:
               http://www.symantec.com/connect/blogs/new-round-email-worm-here-you-have

    WHEN:      Interviews with security experts available upon request via
               Skype, telephone and on-camera

    CONTACT:  Gerritt Hoekman
              Edelman for Norton
              323-202-1895
              Gerritt.Hoekman@Edelman.com

SOURCE Norton


Source: newswire