Evaman.A worm - new polymorphic mass mailer
W32.Evaman@mm is a mass-mailing worm that spreads to addresses found at the website email.people.yahoo.com. This worm arrives as an attachment with a .exe or .scr extension.
SUBJECT OF EMAIL MESSAGE
Delivery Status (Failure)
TEXT OF EMAIL MESSAGE
This is an automatically generated Delivery Status Notification.
Delivery to last recipient failed.
Email returned as attachment text file.
Message from Mail Delivery Server.
Unable to deliver message to last recipient.
Email returned as text file.
Email returned by the server as ASCII Text mail file.
To read the email download the included attachment.
Mail Server Notice:
Last email sent could not reach intented destination.
Email returned as ASCII text file.
The last email sent by this account could not reach intended destination.
Email has been returned as text file attachment.
Mail Delivery Status Notification:
Message returned by server. Message returned as text file attachment.
A WORM described as the "new Doomsday" was unlikely to pose a large risk, according to the anti-virus vendor who reported it. Symantec senior technical director Tim Hartman downplayed a report about the "Evaman" mass mailer worm in a Sydney newspaper report today, in which he was quoted saying it could be "every bit as bad as MyDoom". "We don't think it'll spread as fast as MyDoom," Mr Hartman said of comparisons with the notorious worm which appeared earlier this year.
"It's just a mass mailer worm... the only similarity that we really have is the fact that the message in the email is very similar to Mydoom - it says 'failed to deliver this message' and conditions the user to open up the message and see which message failed."
The worm, dubbed W32.Evaman@mm by Symantec, searches Yahoo!'s email address directory and tries to email itself to the resulting addresses by connecting to a dozen different outgoing mail servers. Most of the mail servers it tries to contact are operated by large US ISPs and telcos such as AT&T, Earthlink and MSN, which are unlikely to allow open relay senders. MyDoom, like many other mass mailers, installed its own SMTP engine to send out copies of itself.
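A mail-gateway check built from the indicators listed above (the fixed subject line and the .exe/.scr attachment), added here as an example and not taken from Symantec or the original post. It relies on the fact that a real bounce is an RFC 3464 multipart/report message, which the lure imitates only in wording; the verdict names, helper names and sample filenames are assumptions made for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators from the description above: the fixed subject line and the
# attachment extensions the worm arrives with.
LURE_SUBJECT = "delivery status (failure)"
LURE_EXTENSIONS = (".exe", ".scr")

def is_rfc3464_report(msg):
    """True if msg has the structure of a real bounce: a multipart/report
    container holding a message/delivery-status part (RFC 3464)."""
    if msg.get_content_type() != "multipart/report":
        return False
    return any(part.get_content_type() == "message/delivery-status"
               for part in msg.walk())

def executable_attachments(msg):
    """Filenames of every MIME part whose name ends in .exe or .scr."""
    found = []
    for part in msg.walk():
        name = (part.get_filename() or "").strip().rstrip(".")
        if name.lower().endswith(LURE_EXTENSIONS):
            found.append(name)
    return found

def classify(raw):
    """Return (verdict, filenames) for one raw message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = executable_attachments(msg)
    if not names:
        return "pass", names
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if subject == LURE_SUBJECT and not is_rfc3464_report(msg):
        return "block", names       # bounce wording without bounce structure
    return "suspicious", names      # executable attachment in any other mail

def build_sample(subject, filename):
    """Constructed sample message; the attachment is a harmless placeholder."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Delivery to last recipient failed.")
    m.add_attachment(b"placeholder, not a real executable", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(classify(build_sample("Delivery Status (Failure)", "message.scr")))
```

The "suspicious" verdict also covers a genuine bounce that returns a previously sent executable, so it is meant for review rather than automatic deletion.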