Re: [OT]New Virus in the wild

>Just for clarification, the bounce reports ARE the worm transport,
>according to reports I'm seeing. 

But there's a lot more variants than that.

---------------------------------------------------
E-Mail messages sent by the worm have the following characteristics: 

Subjects can be any of the following: 

 test
 hi
 hello
 Mail Delivery System
 Mail Transaction Failed
 Server Report
 Status
 Error

Body is one of the following: 

 test

 The message cannot be represented in 7-bit ASCII encoding
 and has been sent as a binary attachment.

 The message contains Unicode characters and has been sent
 as a binary attachment.

 Mail transaction failed. Partial message is available.

Attachments are composed combining the following names: 

 document
 readme
 doc
 text
 file
 data
 test
 message
 body

with the following extensions: 

 pif
 scr
 exe
 cmd
 bat
-----------------------------------------------

( From http://www.f-secure.com/v-descs/novarg.shtml )