1/12: Buchon-C a Mass-Mailing Worm

January 12, 2005
W32/Buchon.c@MM is a mass-mailing worm. It bears the following characteristics:

  • contains its own SMTP engine to construct outgoing messages
  • harvests target email addresses from the victim machine
  • spoofs the From: address
  • drops a trojan (keylogging and proxy) to the victim machine

    The worm harvests target email addresses from files on the victim machine with the following extensions:

  • .dbx
  • .wab
  • .mbx
  • .eml
  • .mdb
  • .tbb
  • .txt
  • .html
  • .htm
  • .doc
  • .rtf
  • .cgi
  • .php
  • .asp
  • .inbox
  • .dat

    Outgoing messages are constructed as follows:

    From: Spoofed
    Subject: Mail Delivery failure - (insert target email address)
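
    A mail-gateway heuristic for the message template above, as an added example that is not part of the original advisory. It assumes the "target email address" in the Subject is the address the message is delivered to; the function names and the sample messages are constructed for illustration, and case-insensitive matching is a choice made here.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Subject template from the advisory: "Mail Delivery failure - <target address>"
SUBJECT_RE = re.compile(r"^\s*Mail Delivery failure - (\S+@\S+)\s*$", re.IGNORECASE)

def matches_buchon_subject(raw_message: str) -> bool:
    """True when the Subject follows the template and the address embedded
    in it is one of the message's own To/Cc recipients."""
    msg = message_from_string(raw_message)
    m = SUBJECT_RE.match(msg.get("Subject", ""))
    if not m:
        return False
    embedded = m.group(1).strip("<>").lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers)}
    return embedded in recipients

def flagged_indexes(raw_messages):
    """Indexes of the messages that match the heuristic."""
    return [i for i, raw in enumerate(raw_messages) if matches_buchon_subject(raw)]

# Constructed sample messages (not captured traffic).
SAMPLES = [
    # Template subject carrying the recipient's own address: flagged.
    "From: someone@example.org\nTo: alice@example.com\n"
    "Subject: Mail Delivery failure - alice@example.com\n\nbody\n",
    # Ordinary bounce wording: not flagged.
    "From: MAILER-DAEMON@example.com\nTo: alice@example.com\n"
    "Subject: Undelivered Mail Returned to Sender\n\nbody\n",
    # Template prefix, but the embedded address is not a recipient: not flagged.
    "From: someone@example.org\nTo: alice@example.com\n"
    "Subject: Mail Delivery failure - bob@example.net\n\nbody\n",
]

if __name__ == "__main__":
    print(flagged_indexes(SAMPLES))
```

    Because the From: address is spoofed, the check relies only on the Subject and recipient headers and ignores the sender.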

    More information can be found on the McAfee page.
