Frethem.K is a new variant of Frethem worm that appeared in the
middle of July 2002. This worm variant is close to Frethem.E
variant, but it has some additional features. The worm's file is
packed with PE-Pack and UPX file compressors and is about 47
The worm sends itself from an infected computer as with the
Re: Your password!
You can access
DO NOT SAVE
password to disk
use your mind
(<infected user name>)
The executable attachment contains the worm's body. The
'password.txt' attachment contains the following text:
Your password is W8dqwq8q918213
The worm installs itself to system as TASKBAR.EXE and creates a
startup key in System Registry to make this file start every time
a user logs on. Also the worm copies itself as SETUP.EXE to
\Start Menu\Programs\Startup\ folder.
To remove the worm from a system, all its files should be
deleted. Also it is recommended to delete all infected messages
from e-mail databases and to apply the latest security patches to
Microsoft e-mail browsers.
Detection of Frethem.K worm in F-Secure Anti-Virus was published
on July 15th, 2002: