Frethem e-mail wants to give you a password

Robert Vamosi | June 13, 2002 12:00 AM PDT

Summary

The e-mail says 'DO NOT SAVE password to disk use your mind now press cancel.' But you should use your mind and press delete instead.
Actually, it's just another mass-mailing nuisance

An e-mail promising to reveal secret information with a password is nothing more than a pesky worm. Frethem, technically known as Frethem.e (w32.frethem.e@mm, also known as Frethem.d and Frethem.f by some vendors), uses its own SMTP engine to send e-mail using addresses obtained from infected systems. Mac and Linux users are not affected. Because Frethem only spreads by e-mail and does not cause any data damage, this worm rates a 4 on the ZDNet Virus Meter.

How it works
Frethem arrives as an e-mail with the subject line "Re: Your password!" The body text of the e-mail reads:

    ATTENTION!

    You can access
    very important
    information by
    this password

    DO NOT SAVE
    password to disk
    use your mind

    now press
    cancel

The attached file is either decrypt-password.exe or password.txt.

According to various antivirus vendors, the file, when opened, contains the following text: "Your password is W8dqwq8q918213."

Written in C++, Frethem copies itself to the following directory:

C:\Windows\startmenu\programs\startup\setup.exe
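
The subject line, body text and attachment names described above are enough to flag the message at a mail gateway before anyone opens it. The following is an added example, not code from the article or from any antivirus vendor; the function names and the rule of requiring the subject plus a listed attachment name are assumptions made for illustration, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article above.
SUBJECT = "re: your password!"
ATTACHMENTS = {"decrypt-password.exe", "password.txt"}
BODY_MARKERS = ("do not save", "password to disk", "use your mind")

def frethem_indicators(raw: bytes) -> list:
    """Return the Frethem indicators present in one raw e-mail message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        # get_filename() decodes RFC 2231 / encoded-word attachment names.
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        # Collapse whitespace so the line-broken body text still matches.
        text = " ".join(body.get_content().lower().split())
        if all(marker in text for marker in BODY_MARKERS):
            hits.append("body")
    return hits

def is_suspect(raw: bytes) -> bool:
    """Quarantine rule: the subject line plus one of the two attachment names."""
    hits = frethem_indicators(raw)
    return "subject" in hits and any(h.startswith("attachment:") for h in hits)

def build_sample(subject, body, filename=None) -> bytes:
    """Build a constructed message for testing (not a captured worm sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

WORM_BODY = ("ATTENTION!\n\nYou can access\nvery important\ninformation by\n"
             "this password\n\nDO NOT SAVE\npassword to disk\nuse your mind\n\n"
             "now press\ncancel\n")

if __name__ == "__main__":
    print(frethem_indicators(build_sample("Re: Your password!", WORM_BODY, "decrypt-password.exe")))
```

A legitimate reply that happens to carry the same subject but no attachment is reported with only the `subject` indicator and is not flagged by `is_suspect`.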

Prevention
Users of Microsoft Outlook 2002 and users of Outlook 2000 who have installed the Security Update should be safe from the attached TXT used by Frethem. The worm uses a known vulnerability in Internet Explorer that was patched last year by Microsoft in MS01-020; if you have not installed this patch, you are urged to do so now. Users who have not upgraded to Outlook 2002 or who have not installed the Security Update for Outlook 2000 should do so. In general, do not open attached files in e-mail without first saving them to hard disk and scanning them with updated antivirus software. Contact your antivirus vendor to obtain the most current antivirus signature files that include Frethem.

Removal
A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, F-Secure, McAfee, Norman, Sophos, Symantec, and Trend Micro.
