Feebs: perfect (anti)social engineering?

We saw the first versions of the Feebs worm a couple of weeks ago. Feebs spreads itself in HTA (HTML application) scripts, which it regenerates every time it sends them out. The actual script contains the worm binary file, or in some cases it can download the worm from other locations. This way Feebs can send highly variable HTA scripts that possibly download new Feebs variants from the web. While this is quite a rare approach for a mass-mailing worm, in addition to its built-in SMTP engine, Feebs has another quite unusual email spreading technique up its sleeve.

While we were checking the rootkit features of Feebs (yes, among other things, Feebs can also hide itself using rootkit techniques), we saw a weird hook in the Windows socket library.

F-Secure : News from the Lab

Linked by shanmuga Thursday, 19th January 2006 8:13PM
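
Because the HTA script is regenerated for every mail, a blocklist of attachment hashes only matches the exact sample it was built from, while a check on the attachment type matches every regeneration. The sketch below is an added example, not code from F-Secure or from the worm; the function names and the inert sample mails are constructed for illustration.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

def build_sample(script_body: str, filename: str = "message.hta") -> bytes:
    """Constructed test mail carrying an inert attachment (no script logic)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(script_body.encode(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def attachments(raw: bytes):
    """Yield (filename, decoded bytes) for every named MIME part."""
    for part in message_from_bytes(raw).walk():
        if part.get_filename():
            yield part.get_filename(), part.get_payload(decode=True) or b""

def sha256_of(body: str) -> str:
    return hashlib.sha256(body.encode()).hexdigest()

def hash_hit(raw: bytes, blocklist: set) -> bool:
    """Signature-style check: exact hash of the attachment content."""
    return any(hashlib.sha256(data).hexdigest() in blocklist
               for _, data in attachments(raw))

def hta_hit(raw: bytes) -> bool:
    """Type-based check: flag any HTA regardless of its content."""
    for name, data in attachments(raw):
        # Primary test: extension, tolerating trailing dots or spaces.
        if name.lower().rstrip(". ").endswith(".hta"):
            return True
        # Secondary test: the optional <hta:application> tag in a renamed file.
        if b"<hta:application" in data[:4096].lower():
            return True
    return False

# Two constructed, inert bodies that differ only in a filler comment,
# standing in for two regenerations of the same script.
BODY_A = "<html><head><hta:application id='a'></head><!-- 1f3a --></html>"
BODY_B = "<html><head><hta:application id='a'></head><!-- 9c07 --></html>"

if __name__ == "__main__":
    blocklist = {sha256_of(BODY_A)}
    for label, body in (("A", BODY_A), ("B", BODY_B)):
        raw = build_sample(body)
        print(label, "hash:", hash_hit(raw, blocklist), "type:", hta_hit(raw))
```
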