Maybe I should clarify: By "very slowly" I meant that this should spread significantly more slowly than something which is able to exploit a vulnerability and start executing as soon as it finds a susceptible host. If it's been in the wild for 12 hours without compromising most of the vulnerable hosts, that's slow relative to what's possible.

Thus spake Jack Bates (jbates@brightok.net):
[snip]
That is a very bad assumption to make. Not all AV software can detect the various variations of it yet. In addition, there are many EUs that will still run any executable that shows up in their inbox. Many reports of the Microsoft Patch scam being used with this one.
It is multi-part MIME, so my current stripping methods will protect the mailboxes on my system.
-Jack