A new worm spreads under the guise of a screen saver and delivers a malicious payload that renders the Windows operating system inoperable. The Melting worm is a small screen saver that e-mails itself to the entire Outlook address book.
OVERVIEW
The Melting worm is a small uncompressed executable written in Visual Basic, with a file size of 17,920 bytes. It is transferred over the Internet as an e-mail attachment named “MeltingScreen.exe” or “Melting.exe”.
When an infected message is received and the attached EXE file is executed, the worm starts its spreading routine in the background. It connects to MS Outlook and sends itself to all the names in the address book.
Victims receive the e-mail with the subject "Fantastic Screensaver". The message body reads as follows:
“Hello my friend! Attached is my newest and funniest Screensaver, I named it MeltingScreen. Test it and tell me what you think. Have a nice day my friend. p.s.: Please install the Runtime Library for VB 5.0, before you run the ScreenSaver.”
The worm then accesses the Windows directory and renames every EXE file there to the “BIN” file extension. This renders the operating system inoperable at the next boot-up. After spreading and renaming the EXE files, the screensaver runs and visually appears to “melt” the screen.
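For triage and recovery, the behaviour described above leaves two things to look for: the attachment itself (by name and the 17,920-byte size) and executables that now carry a BIN extension. The following Python script is an added example, not part of the original advisory; the function names, the "MZ" header test used to tell renamed executables from genuine BIN data files, and the sample files are assumptions made for illustration.

```python
import os
import tempfile

WORM_NAMES = {"meltingscreen.exe", "melting.exe"}  # attachment names from the advisory
WORM_SIZE = 17920                                  # file size in bytes from the advisory

def is_pe(path):
    """True if the file starts with the DOS 'MZ' magic that EXE files carry."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def triage(directory):
    """Return (suspect_files, restore_plan) for one directory (non-recursive)."""
    entries = {name.lower(): name for name in os.listdir(directory)}
    suspects, plan = [], []
    for lower, name in sorted(entries.items()):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        ext = os.path.splitext(lower)[1]
        if lower in WORM_NAMES:
            # A name match alone is weak, so also record whether the size matches.
            suspects.append((name, os.path.getsize(path) == WORM_SIZE))
        elif ext == ".bin" and is_pe(path):
            target = os.path.splitext(name)[0] + ".exe"
            # Skip when an .exe of that name already exists, to avoid overwriting it.
            if target.lower() not in entries:
                plan.append((name, target))
    return suspects, plan

def build_sample(directory):
    """Constructed sample data: placeholder files mimicking an affected directory."""
    samples = {
        "NOTEPAD.BIN": b"MZ" + b"\x00" * 62,   # executable renamed to .BIN
        "CALC.BIN": b"MZ" + b"\x00" * 62,      # renamed, but CALC.EXE is also present
        "CALC.EXE": b"MZ" + b"\x00" * 62,
        "data.bin": b"\x01\x02\x03\x04",       # genuine data file, not an executable
        "MeltingScreen.exe": b"MZ" + b"\x00" * (WORM_SIZE - 2),
    }
    for name, body in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The script only reports; the restore plan lists `(current name, original name)` pairs to review before renaming anything on an offline copy of the Windows directory.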
PROTECTION
Anti-virus software is simply not enough by itself to protect yourself and your organization from first-strike attacks. There are hundreds of known executable compressors and expanders available to change the signature or “footprint” of worms and Trojan attacks. Once an attack is compressed or expanded, reactive anti-virus software is rendered useless until a patch is issued and all clients are updated.