PandaLabs has detected the appearance of Tearec.A, an e-mail worm that uses messages with erotic content to trick users. This malicious code has high distribution potential and, according to PandaLabs, has already infected users around the world. It is currently one of the viruses most frequently detected by the Panda ActiveScan free, online antivirus.
Panda Software’s TruPreventTM proactive protection technologies have detected and blocked Tearec.A with no need for previous updates, so computers with these technologies have been protected from the moment this malicious code appeared.
The e-mail messages that Tearec.A uses to spread have variable characteristics, as the subject, text and attachment name are chosen from a long list of options. Some of the options are as follows:
Subjects *Hot Movie*, Arab sex DSC-00465.jpg, Fw: SeX.mpg, Fw: Sexy, Fwd: Crazy illegal Sex!
Text body: Fuckin Kama Sutra pics, Note: forwarded message attached. You Must View This Videoclip!.
Attachment: Adults_9,zip.sCR, Photos,zip.sCR, SeX,zip.scR, Sex.mim.
The full list of options is available in Panda Software’s Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=105192&sind=0
“Malicious code alluding to erotic content continue to spread successfully. In fact, it is still the number one topic for social engineering. Epidemics such as those caused by the Kournikova, Nakedwoman or Hybris worms provide good examples of this. The best way to avoid these problems is to scan all e-mail before opening it with a reliable and up-to-date antivirus”, explains Luis Corrons, director of PandaLabs.
If a user runs the message attachment, the worm sends itself out by e-mail using its own SMTP engine and creates several files on the computer with copies of itself. At the same time, it tries to delete certain files related to security tools which it may find on the system. Moreover, on a computer in a network, it will try to delete files it finds in directories related to security applications not just on the affected computer but also on other networked computers which it is able to access.
It also makes several Windows registry entries, both to disable security applications and also to ensure it runs on every system start-up.
According to Luis Corrons: ” Cases such as this worm, which can spread rapidly, highlight the need for having proactive technologies installed on computers. This prevents the chance of infection during the so-called “vulnerability window”, the time it takes after the appearance of a new threat for traditional antiviruses to include the corresponding update.”