Antivirus company, TruSecure, is warning users about a new email worm that is beginning to spread on the Internet and over the Kazaa peer-to-peer network.
The new worm, dubbed "Gruel", is a mass-mailing worm that masquerades as a Windows software patch from Microsoft and as a virus removal tool from Symantec, according to an alert from TruSecure.
Like other mass mailing worms, Gruel spreads by stealing email addresses from an infected computer's Microsoft Outlook address book and mailing copies of itself to those addresses, the company said.
The worm deletes files from machines it infects and copies itself into various locations, including folders used by the Kazaa file-sharing network, enabling it to spread on that network as well, TruSecure said.
TruSecure received word of five infections and fielded about 20 calls from users who had received email messages containing the virus, content security lab manager at TruSecure, Bruce Hughes, said.
While the number of infections was still low, Gruel had a number of characteristics that had allowed other worms to successfully spread in recent months, Hughes said.
In addition to its clever use of so-called "social engineering" tricks such as using the names of Microsoft and Symantec to fool recipients, the coupling of mass mailing techniques and features to spread over peer-to-peer networks made Gruel more dangerous, Hughes said.
Unlike other worms, however, Gruel did not spread over shared folders on local area networks, he said.
While most organisations had antivirus software that would block or quarantine the executable attachment containing the Gruel virus, home users without such protections would likely bear the brunt of the new worm, Hughes said.
In the coming hours and days, infections on those home systems may bombard corporate mail gateways with infected messages as well, Hughes said.
The company currently has the new worm on "watch", he said.