14 DAY TRIAL // New data released by security vendors suggests that the mass-mailing worm, which took mailboxes by storm during the past several days, was most successful in corporate environments.
Known by several names, including Visal.B (Microsoft), Imsolk.B (Symantec) and MEYLME.B (Trend Micro), the worm sends spam emails with subjects like "Here you have" or “Just for you,” which contain malicious links.
According to Microsoft, 91% of Visal.B infections were reported in business environments, which is very unusual since the company's malware telemetry comes primarily (90%) from home users running Microsoft Security Essentials (MSE).
Moreover, 98% of affected organizations are based in the United States and according to various reports they include major companies like ABC, Comcast, AIG, Procter & Gamble, Disney or Wells Fargo, as well as government agencies like NASA or the Florida Department of Transportation.
Trend Micro reports that the first variant of this worm started being distributed back in July as part of a targeted attack against members of the African Union.
"The intended attack may have gone haywire and infected others other than the original intended victims because of its propagation routines (i.e. removable drives, network shares, email)," Ivan Macalintal, Trend's threat research manager, writes.
Meanwhile, researchers from Atlanta-based SecureWorks claim there is reason to believe that this worm is connected to a cyber jihadist group called Brigades of Tariq ibn Ziyad, which was recently formed by a Libyan hacker using the [email protected] email address.
This group's goals, which were publicly declared on Internet forums, include compromising computer systems belonging to U.S. government agencies and the U.S. Army.
The fact that this worm spread so quickly through the networks of large corporations – and reportedly even some security companies – using decade-old tactics and basic social engineering is definitely worrying. You'd think they learned something from Conficker.