Jonbo298
07-05-2004, 01:13 AM
SYMANTEC IS warning that the mail servers of the nation will be clogged by a mass mailer worm called Evaman today.
According to the Sydney Morning Herald, Evaman has been given a critical rating by Symantec despite few examples, as yet, turning up in the wild.
The trojan horse uses a false email address to generate messages with the usual attachment that carries the code. If users are dumb enough to open the attachment, their PC will be turned into a zombie sending out dozens of new messages.
Symantec senior technical director Tim Hartman says Evaman has the potential to be every bit as bad as Mydoom.
It is hard to see why this one will be any different from the other Trojan types. The heading has things like failed transaction and failure deliver. It affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP machines. When it first runs it sometimes opens a notepad page. It then selects an smtp server using a hardcoded list. These include smtp.rcn.com, outgoing.verizon.net, smtp.comcast.net, mail.mindspring.com, smtp.email.msn.com, smtpauth.earthlink.net, smtp-server.nc.rr.com, smtp1.attglobal.net, mailhost.att.net, mail.optonline.net, mail.peoplepc.com, smtpout.bellatlantic.net, mail.verio.net, smtp.netzero.net, and smtp.prodigy.net.
If it cannot connect to a server it queries the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\SMTP Server to find a mail server.
Then it logs onto email.people.yahoo.com, and collects email addresses from the search results and replicates itself. Symantec has released a patch for it.
http://www.theinquirer.net/?article=17007
Don't hesitate. UPDATE IT BEFORE IT'S TOO LATE
*edit*
It sounds like what could've been big has been downplayed by Symantec because it hasn't gotten the steam it needed.
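The network behaviour described in the post (direct SMTP to a hardcoded relay list, plus lookups against email.people.yahoo.com) can be hunted for in egress logs. The following is an added example, not part of the original post or the quoted article; the log format, the host names `ws-*` and `mailgw-1`, and the scoring thresholds are assumptions.

```python
from collections import defaultdict

# SMTP relays the post lists as hardcoded in Evaman (copied from the page).
EVAMAN_SMTP = {
    "smtp.rcn.com", "outgoing.verizon.net", "smtp.comcast.net",
    "mail.mindspring.com", "smtp.email.msn.com", "smtpauth.earthlink.net",
    "smtp-server.nc.rr.com", "smtp1.attglobal.net", "mailhost.att.net",
    "mail.optonline.net", "mail.peoplepc.com", "smtpout.bellatlantic.net",
    "mail.verio.net", "smtp.netzero.net", "smtp.prodigy.net",
}
HARVEST_HOST = "email.people.yahoo.com"  # address lookup site named in the post

# Constructed sample egress log: "time src_host dst_host dst_port" (assumed format).
SAMPLE_LOG = """\
09:00:01 ws-114 smtp.rcn.com 25
09:00:02 ws-114 outgoing.verizon.net 25
09:00:04 ws-114 email.people.yahoo.com 80
09:00:09 ws-114 smtp.comcast.net 25
09:01:00 mailgw-1 smtp.comcast.net 25
09:02:10 ws-203 smtp.comcast.net 25
09:03:30 ws-377 email.people.yahoo.com 80
malformed line
"""

def triage(log_text, approved_relays=frozenset({"mailgw-1"}), min_relays=2):
    """Return {src_host: severity} for hosts doing direct SMTP to the listed relays."""
    relays, harvest = defaultdict(set), set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip lines that do not fit the assumed format
        _, src, dst, port = parts
        dst = dst.lower().rstrip(".")  # normalise case and trailing root dot
        if src in approved_relays:
            continue  # sanctioned mail gateways are expected to send SMTP out
        if port == "25" and dst in EVAMAN_SMTP:
            relays[src].add(dst)
        elif dst == HARVEST_HOST:
            harvest.add(src)
    verdicts = {}
    for src, hit in relays.items():
        if len(hit) >= min_relays:  # one client cycling through several ISP relays
            verdicts[src] = "high" if src in harvest else "medium"
        else:
            verdicts[src] = "low"  # a single relay may be an ordinary mail client
    return verdicts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A visit to the lookup site alone is not reported, since it is an ordinary website; it only raises the severity of a host already cycling through the relay list.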