On April 13th several e-mails with love themed subjects were seen in the wild. While some of the subjects are a rehash of previously used subjects such as Sending You My Love, The Dance of Love, and When I'm With You, others are new:

• A Dream is a Wish
• A Is For Attitude
• Eternal Love
• Eternity of Your Love
• Falling In Love with You
• Hugging My Pillow
• Inside My Heart
• Kisses Through E-mail
• Our Journey
• Sent with Love
• When Love Comes Knocking
• You're In My Thoughts
• You're the One

The e-mail messages themselves have no text, instead, they have attached executables with romantic sounding filenames. These include:

• Love Card.exe
• Love Postcard.exe
• Greeting Card.exe
• Postcard.exe

Here is an example of the worm's e-mail:




A second run occurred after a few hours. This time, the subjects were security related:

• ATTN!
• Spyware Alert!
• Virus Alert!
• Worm Alert!
• Worm Detected!

Furthermore, the message body is an image file which advises the receiver to patch their systems. Also included within the image is a password in order to extract the attachment. Here is an example:



Something new to the Zhelatin family is the use of a password protected Zip archive as an attachment. The filenames vary but they have the following format:

• patch-[4 to 5 random numerical characters].zip
• hotfix-[4 to 5 random numerical characters].zip

The executable contained within the Zip archive has the same name as that of the archive but with an EXE extension.

Last update 25 May 2007

 

TOP