Bridex (F-Secure)
I-Worm.Bridex (Kaspersky Labs)
PE_Brid.A (Trend Micro)
W32/Braid@MM (McAfee Security)
W32/Braid-A (Sophos)
W32/Braid.A-mm (Message Labs)
W32.Brid.A@mm (Symantec)
Win32.Braid.A (Computer Associates)
On Friday, November 15, Symantec Security Response raised the threat level of the recently discovered Braid worm after sample submissions continued flowing in at the company's research centers.
W32/Braid is a mass-mailing worm carrying a modified version of the FunLove virus, which caused an alarming outbreak in late 1999.
Employing the tactics used by famous widespread worms like Klez.H, Braid arrives from a seemingly legitimate, but usually forged, e-mail address, carrying an attachment called "Readme.exe". The worm exploits a well-known Internet Explorer vulnerability ("Incorrect MIME Header Can Cause IE to Execute E-mail Attachment") uncovered in March 2001, which enables automatic execution of Braid's infection code.
The worm scans Outlook's Address Book and all files with .HTM and .DBX extensions for e-mail addresses. Then, using its own SMTP engine, Braid attempts to connect directly to the e-mail server mailing copies of the virus to all discovered addresses.
The e-mail message is composed from information in the infected computer's Registry and has the following format:
Hello,
Product Name: <WINDOWS NAME AND VERSION>
Product ID: <WINDOWS ID>
Product Key: <WINDOWS KEY>
Process List: <LIST OF PROCESSES>
Thank you.
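As an added example (not part of the original article), a small mail-filter check in Python that flags messages matching the Braid format described above: a "Readme.exe" attachment together with the Registry-derived "Product Name / Product ID / Product Key / Process List" body lines. The sample message below is constructed for the example, not a real capture.

```python
from email import message_from_string

# Body lines Braid fills in from the infected machine's Registry, per the article.
BRAID_BODY_FIELDS = ("Product Name:", "Product ID:", "Product Key:", "Process List:")
BRAID_ATTACHMENT = "readme.exe"

def attachment_names(msg):
    """Lower-cased filenames of every MIME part that carries a filename."""
    return [p.get_filename().lower() for p in msg.walk() if p.get_filename()]

def body_text(msg):
    """Concatenated text/plain content of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(chunks)

def looks_like_braid(raw_message):
    """Flag a message carrying Readme.exe plus the Registry-derived body lines."""
    msg = message_from_string(raw_message)
    has_readme = BRAID_ATTACHMENT in attachment_names(msg)
    text = body_text(msg)
    fields_found = sum(1 for field in BRAID_BODY_FIELDS if field in text)
    # Require the attachment and at least three of the four body lines.
    return has_readme and fields_found >= 3

# Constructed sample in the format quoted in the article (not a real capture).
SAMPLE_BRAID = """\
From: forged@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Hello,
Product Name: Microsoft Windows 2000
Product ID: 00000-000-0000000-00000
Product Key: AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
Process List: explorer.exe, outlook.exe
Thank you.
--BOUNDARY
Content-Type: application/octet-stream; name="Readme.exe"
Content-Disposition: attachment; filename="Readme.exe"

(binary omitted)
--BOUNDARY--
"""
```

Running `looks_like_braid(SAMPLE_BRAID)` returns True, while an ordinary text-only message without the attachment returns False.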
Meanwhile, contrary to Symantec's alert, as of Saturday afternoon (GMT) McAfee continued to maintain a "low-profile" alert status for W32/Braid, crediting the media for alerting the Internet community of the growing threat.
However, Svetlozar Online advises that all active Internet users should take precautionary measures. Users of unpatched, older versions of Internet Explorer should immediately secure their browser software using either Microsoft Internet Explorer's web site or Microsoft Windows Update. In addition, all users need to update their antivirus software to enable Braid's detection and removal.