Worms with their own SMTP engine: a threat to all e-mail clients

Just as Outlook and Outlook Express are by far the most common e-mail clients among Internet users, they are also the most frequently used means of propagation for the worms that are constantly appearing and threatening users’ computers. The reason is simple: a worm designed to use one of these applications has a much greater chance of ‘success’ than one that uses Eudora, for example.

This doesn’t mean that other mail clients are out of harm’s way, as nowadays, almost all applications can be susceptible to infection by worms. And now virus writers have gone one step further, creating worms capable of sending themselves by e-mail regardless of the client application being used.

This has led to the emergence of worms with their own SMTP (Simple Mail Transfer Protocol) engine. The technique is in theory relatively simple, and is based on establishing a connection with an SMTP mail server that allows e-mails to be sent without verifying who is sending them or from where. All this system requires is an open Internet connection and the sending of certain commands via TCP/IP port 25. The worm can use the default SMTP server, or one that is contained in the virus code itself.
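
Because such a worm talks to port 25 itself, its traffic can be spotted on the network. The sketch below is an added example, not part of the original article: it scans a connection log for SMTP traffic that bypasses the approved relay or does not come from a known mail client. The log format, relay address, policy lists and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed site policy (hypothetical values): the only SMTP relay workstations
# may use, and the mail-client processes expected to talk to it.
APPROVED_RELAYS = {"192.0.2.25"}
APPROVED_CLIENTS = {"outlook.exe", "msimn.exe", "eudora.exe"}

# Constructed sample log: "<time> <src_ip> <process> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.0.0.11 outlook.exe 192.0.2.25 25
2024-01-01T09:00:05 10.0.0.12 iexplore.exe 198.51.100.7 80
2024-01-01T09:01:10 10.0.0.13 scandisk32.exe 203.0.113.9 25
2024-01-01T09:01:11 10.0.0.13 scandisk32.exe 203.0.113.40 25
2024-01-01T09:02:00 10.0.0.14 tmp4f.exe 192.0.2.25 25
garbage line without enough fields
"""

def parse(line):
    """Return (src, process, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    _, src, proc, dst, port = parts
    return src, proc.lower(), dst, int(port)

def flag_direct_smtp(log_text, relays=APPROVED_RELAYS, clients=APPROVED_CLIENTS):
    """Group port-25 connections that bypass the relay or the mail client."""
    hits = defaultdict(lambda: {"dests": set(), "reasons": set()})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[3] != 25:
            continue
        src, proc, dst, _ = rec
        reasons = set()
        if dst not in relays:
            reasons.add("unapproved-server")   # server chosen by the sender itself
        if proc not in clients:
            reasons.add("unapproved-process")  # mail sent without the mail client
        if reasons:
            hits[(src, proc)]["dests"].add(dst)
            hits[(src, proc)]["reasons"] |= reasons
    return {k: (sorted(v["dests"]), sorted(v["reasons"])) for k, v in hits.items()}

if __name__ == "__main__":
    for (src, proc), (dests, reasons) in flag_direct_smtp(SAMPLE_LOG).items():
        print(src, proc, dests, reasons)
```

The same policy can be enforced rather than only observed by allowing outbound port 25 from workstations to the approved relay alone.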

Worms of this type include Lentin.L which, regardless of the mail reader, sends itself out to the addresses in Windows, MSN Messenger, .NET Messenger, Yahoo Pager, and all those it finds in HTM files. Other worms that use these kinds of propagation techniques include Bugbear and the recent Ganda.A.

The only surefire way to avoid falling victim to these creations and other e-mail worms, regardless of the means they use to spread, is to have a good antivirus system installed, complete with daily updates and permanent technical support.
