WORM_SPIAG minus the dialer

Just a few days after the WORM_SPIAG.A attack, another piece of malware that appears to be a variant of that worm has been reported spreading in the wild today. Detected by Trend Micro as WORM_SEMAIL.A, this worm also targets Italian audiences when sending copies of itself via email.

The details of the email it sends are as follows:

Subject: In spiaggia

Message body:
Che vergogna!!! Ma ero proprio io quella… Condizioni disastrose… L’alcool disinibisce :) Ci sono un paio di foto che devi cancellare… Bacini

Attachment: Ferragosto.zip

This new worm is quite similar to WORM_SPIAG.A in how it propagates. It uses the same social engineering technique to entice target users into opening its attachment, which contains a copy of the worm. Besides the slight difference in its email details, the notable change is that the dialer capabilities seem to have been omitted in this variant.

Although WORM_SEMAIL.A does not seem to carry a payload as significant as its predecessor’s (i.e., the dialer payload), it is most probably just one of more malware that will use the same attack method (one focused on Italian computer users) and that may evolve to have more payloads than just connecting to Web sites or dialing premium numbers. Users are therefore advised to be more critical when opening email messages they receive, even if they come from familiar sources.
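A mail-gateway check built from the email details listed above, as an added example that is not part of the original post and not Trend Micro's detection logic. The function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the email details listed in this post.
SUBJECT_IOC = "in spiaggia"
ATTACHMENT_IOC = "ferragosto.zip"

def _norm(value):
    """Collapse whitespace and case so trivial variations still match."""
    return " ".join((value or "").split()).casefold()

def check_message(raw_bytes):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # policy.default decodes RFC 2047 encoded-words in headers.
    if _norm(msg["Subject"]) == SUBJECT_IOC:
        reasons.append("subject")
    for part in msg.walk():
        # get_filename() also handles RFC 2231 encoded filenames.
        name = _norm(part.get_filename())
        # Compare only the base name in case a path was included.
        if name.replace("\\", "/").rsplit("/", 1)[-1] == ATTACHMENT_IOC:
            reasons.append("attachment")
            break
    # "In spiaggia" is an ordinary Italian phrase, so one indicator alone
    # is a weak signal; both together is a strong one.
    if len(reasons) == 2:
        return "quarantine", reasons
    if reasons:
        return "review", reasons
    return "pass", reasons

def build_sample(subject, filename=None):
    """Build a constructed test message (not a captured worm email)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    if filename:
        # Placeholder bytes: an empty ZIP end-of-central-directory record.
        m.add_attachment(b"PK\x05\x06" + b"\x00" * 18,
                         maintype="application", subtype="zip",
                         filename=filename)
    return m.as_bytes()
```

Matching on both indicators together keeps ordinary mail that merely mentions the beach out of quarantine while still surfacing it for review.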