A new mass-mailing worm, Navidad, has been ranked a high threat to organisations and individuals using Microsoft Outlook. Symantec has rated the virus as high risk, high damage and medium distribution.
W32.Navidad uses existing subject lines to disguise itself, and mails itself as an attachment to contacts in an infected machine's inbox. The worm is easily recognised by the attachment - Navidad.exe - which, when executed, potentially infects the target machine.
The virus causes system instability and boot difficulties through falsifying registry entries. "Whenever an .exe file is executed, the operating system prompts the user for the location of the file WINSVRC.EXE," says a report on Symantec anti-virus research centre regarding the virus. "The net result of this is that no program files can be launched."
Kalahari.Net's Virus Alert also rates Navidad as high-risk, stating: "Many major companies have been incapacitated already. The Navidad virus is spreading like a wild fire."
If the Navidad.exe attachment is executed, the worm places a blue eye icon in the system tray of the taskbar. When the mouse pointer is over the icon, the worm displays a yellow dialogue box that states: "Lo estamos mirando..." (We are watching it...) When you click the icon, a dialogue box with a button appears. The button contains the following text: "Nunca presionar este boton" (Never press this button.) If the user presses the button, an error box with the title "Feliz Navidad" (Merry Christmas) displays the message "Lamentablemente cayo en la tentacion y perdio su computadora" (Unfortunately you've fallen to temptation and have lost your computer.)
If you close the dialogue box by clicking the X instead of clicking the button, the following message appears: "Buena eleccion" (Good selection), and exits. Despite the warning of losing the computer, no further changes are made to the system.
A fix for this worm is available from Symantec.
Share
