Security Incidents mailing list archives

New email worm DarkMachine


From: Markus De Shon <mdeshon () secureworks net>
Date: Wed, 17 Oct 2001 10:40:16 -0400 (EDT)


We have observed a new email worm in the wild of unknown virulence, just
wanted to get the word out ASAP.  We're calling it "DarkMachine" after the
nicknames of the discoverers here at SecureWorks.

The worm arrives as a .exe attachment with varying names.  The subject
line also varies, but the body of the message stays the same:

======

heh. I tell ya this is nuts ! You gotta check it out !

======

Subject lines observed so far include:

======
Kev Gives great orgasms to ladeez!! -- Kev
I don't want to write anything but Si is bullying me. -- Jim
Scientists have found traces of the HIV virus in cow's milk...here is the proof -- Will
A new type of Lager / Weed variant...... sorted !
I want to live in a wooden house -- Arwel
======

The names in the subject lines may or may not be related to the name
of the person sending the email.

The .exe attachment names vary, but the list of ones that we have seen so
far is:

=====
Common.exe
Rede.exe
UserConf.exe
Si.exe
=====

We will release more information as we figure things out...

   Markus De Shon, Ph.D., GCIA #0227  <mdeshon () secureworks net>   
   Research Manager --  SecureWorks, Inc.  -- 404 327-6339x127

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
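
Added example, not part of the original post and not SecureWorks code: because the report says subject lines and attachment names vary while the message body stays the same, this Python check keys on the fixed body text combined with any .exe attachment. The function names and the sample messages are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Constant body text quoted in the advisory; subjects and filenames vary.
BODY_MARKER = "heh. I tell ya this is nuts ! You gotta check it out !"

def normalize(text):
    """Collapse whitespace and case so a re-wrapped body still matches."""
    return re.sub(r"\s+", " ", text).strip().lower()

def matches_report(raw_bytes):
    """True when a message has the fixed body AND an .exe attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body_hit = exe_hit = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            exe_hit = exe_hit or filename.strip().lower().endswith(".exe")
        elif part.get_content_type() == "text/plain":
            try:
                text = part.get_content()
            except (LookupError, UnicodeError):
                continue  # undecodable part: skip rather than crash the scan
            body_hit = body_hit or normalize(BODY_MARKER) in normalize(text)
    return body_hit and exe_hit

def build_sample(subject, body, attachment=None):
    """Build a constructed message for the demo (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    cases = [
        ("I want to live in a wooden house -- Arwel", BODY_MARKER, "Si.exe"),
        ("unlisted subject", "heh. I tell ya this is nuts !\nYou gotta check it out !", "New.EXE"),
        ("quarterly report", "Figures attached.", "setup.exe"),
        ("forwarded text", BODY_MARKER, None),
    ]
    for subject, body, att in cases:
        print(matches_report(build_sample(subject, body, att)), subject, att)
```

Requiring both conditions keeps a forwarded copy of the text without an attachment, or an unrelated .exe attachment, from being flagged.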

