WORM_ZHELATI.AIR - a new way to steal your email contacts

Dec 27, 2007 20:51 GMT

Spammers will do whatever it takes to build huge lists of valid email addresses for launching new attacks. They even sell these lists to other spammers who intend to send unsolicited messages to every contact. The latest trend seems to be infecting people's computers with a worm and stealing their email addresses. WORM_ZHELATI.AIR was discovered by security vendor Trend Micro, which wrote that it affected most Windows flavors, including 98, ME, NT, 2000, XP and Server 2003. Although it has a low damage potential and a low distribution potential, the worm can reach your computer by email or straight from a malicious website visited by the user.

"This worm arrives as attachment to email messages spammed by another malware or a malicious user. It may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites", Trend Micro wrote in the security notification.

Just like any other recent worm, WORM_ZHELATI.AIR adds itself to the Windows registry to make sure it is executed every time the operating system is fully loaded. In addition, it attempts to steal email addresses, probably for the same spamming purposes.

"It drops copies of itself. It creates registry entries to enable its automatic execution at every system startup. It gathers target email addresses from files with certain file name extensions. It avoids sending email messages to addresses containing certain strings", Trend Micro added.

Staying secure while this threat is in the wild does not take much. All you need to do is avoid visiting malicious websites that may deploy the worm on your computer, and refuse to open attachments in messages coming from untrusted sources.