Not content to let the Dozer and Koobface guys have all the fun, the Ackannta crew has unleashed another new variant on the unsuspecting masses. Today we saw in our spam traps a new variant of Ackannta that we have added detection for as W32.Ackannta.G@mm. Ackannta is a family of mass-mailing worms that also copy themselves to removable drives. In past email campaigns it has used well-known brand names and big news items (such as the recent Michael Jackson story) to trick users into opening it.
At this time we are seeing this worm being sent out through emails in low numbers. The emails have the following characteristics:
Subject: Jessica would like to be your friend on hi5!
Body: The email body is written in HTML and is a poorly made copy of the hi5 social networking site (note the broken images, large unintended white spaces and stray buttons). It contains a message prompting the reader to open the attachment.
Jessica would like to be your friend on hi5!
I set up a hi5 profile and I want to add you as a friend so we can share pictures and start building our network. First see your invitation card I attached! Once you join, you will have a chance to create a profile, share pictures, and find friends.
Attachment: Invitation Card.zip, which contains a file named attachment.chm .exe.
Before we leave this topic, let’s get one thing straight: most self-respecting companies wouldn’t send out files in emails to users either as executable file types or zipped archives. If you ever receive such a file as an attachment you would be well advised to steer well clear of it.
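The attachment pattern described above can be checked for at a mail gateway. The following is an added example, not code from the original post or from Symantec: it opens ZIP attachments and flags members whose names end in an executable extension, including the decoy extension and whitespace padding seen in `attachment.chm .exe`. The extension list, the function names and the sample message (placeholder bytes only) are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Illustrative, not exhaustive: extensions Windows runs directly (assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def flag_member(name):
    """Return the reasons a ZIP member name looks like a disguised executable."""
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext.lower() not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension ." + ext.lower()]
    if re.search(r"\.[A-Za-z0-9]{2,4}\s*$", stem):
        reasons.append("decoy extension before the real one")
    if stem != stem.rstrip():
        reasons.append("whitespace padding before the final extension")
    return reasons

def scan_message(raw):
    """Map 'attachment!member' to reasons for each flagged ZIP member."""
    findings = {}
    for part in message_from_bytes(raw).walk():
        filename = part.get_filename() or ""
        if not filename.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            findings[filename] = ["unreadable ZIP attachment"]
            continue
        for member in members:
            if flag_member(member):
                findings[filename + "!" + member] = flag_member(member)
    return findings

def build_sample():
    """Constructed sample: harmless bytes stored under the names from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("attachment.chm .exe", b"placeholder, not a binary")
    msg = EmailMessage()
    msg["Subject"] = "Jessica would like to be your friend on hi5!"
    msg.set_content("First see your invitation card I attached!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invitation Card.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns one finding for the archive member, listing all three reasons.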