Beware Evaman

The Sydney Morning Herald is warning of a new Doomsday with ”a new internet virus is expected to clog mail servers, cause severe slowdown and wreak financial damage as it spreads rapidly around the world when businesses return to work today”.

It is a mass-mailer worm called Evaman, and Symantec is likening it to MyDoom, using a false email address to generate messages with an attachment that carries the virus. By opening the attachment, recipients “unleash the virus onto their computer, where it automatically starts sending out dozens of new messages”.

As with an increasing number of these viruses, the worry is that the infection rate will be worsened because of the weekend factor: Tim Hartman, senior technical director at the security firm Symantec, “estimated the virus would spread at an uncontrollable rate as people returned to work”. He’s quoted as saying: “There’s so many unprotected machines out there that the likelihood that this will spread significantly is quite high. We have to wait until everyone gets back to work from their weekend around the world.”

What’s not quite clear to me is how exactly this works, and for what purpose. Symantec says the worm “generates random queries to email.people.yahoo.com (an email search engine), and collects email addresses from the search results”. It then sends copies of itself to the addresses that it finds with a spoofed From address”. But why?

I can only assume it is trying to verify email addresses in bulk. If so, it’s proof, if it were needed, that spamming and virus writing is all pretty much the same business these days.

05. July 2004 by jeremy
Categories: Malware, Spam | Tags: , , , , , , , , , , , , , , , | Comments Off on Beware Evaman