Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Evaman.A worm - new polymorphic mass mailer

  • Please log in to reply
No replies to this topic

#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:12:53 AM

Posted 05 July 2004 - 07:50 AM

Hopefully, this new threat will remain low risk and users are safe as long as SCR or EXE attachments are not opened.

Evaman.A worm - new polymorphic mass mailer

W32.Evaman@mm is a mass-mailing worm that spreads to addresses found at the website email.people.yahoo.com. This worm arrives as an attachment with a .exe or .scr extension.

returned mail
failure delivery
failed transaction
server error
mail failure
Delivery Status (Failure)

This is an automatically generated Delivery Status Notification.
Delivery to last recipient failed.
Email returned as attachment text file.
Message from Mail Delivery Server.
Unable to deliver message to last recipient.
Email returned as text file.
Email returned by the server as ASCII Text mail file.
To read the email download the included attachment.
Mail Server Notice:
Last email sent could not reach intented destination.
Email returned as ASCII text file.
The last email sent by this account could not reach intended destination.
Email has been returned as text file attachment.
Mail Delivery Status Notification:
Message returned by server. Message returned as text file attachment.




A WORM described as the "new Doomsday" was unlikely to pose a large risk, according to the anti-virus vendor who reported it.  Symantec senior technical director Tim Hartman downplayed a report about the "Evaman" mass mailer worm in a Sydney newspaper report today, in which he was quoted saying it could be "every bit as bad as MyDoom". "We don't think it'll spread as fast as MyDoom," Mr Hartman said of comparisons with the notorious worm which appeared earlier this year.

"It's just a mass mailer worm... the only similarity that we really have is the fact that the message in the email is very similar to Mydoom - it says 'failed to deliver this message' and conditions the user to open up the message and see which message failed."

The worm, dubbed W32.Evaman@mm by Symantec, searches Yahoo!'s email address directory and tries to email itself to resulting addresses by connecting to a dozen different outgoing mail servers. Most of the mail servers it tries to contact are operated by large US ISPs and telcos such as AT&T, Earthlink and MSN - which are are unlikely to allow open relay senders. MyDoom, like many other mass mailers, installed its own SMTP engine to send out copies of itself.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users