Yesterday Kaspersky Lab came across a worm with a German (speaking) background, Email-Worm.Win32.Skowor.b.
In contrary to programs like GPCode, Skowor is able to replicate; it tries to spread via a share that it creates.
When installed, the worm displays a message telling the user that s/he has 5 pc reboots in order to get a password which can be used to uninstall the worm. If the user doesn’t do this, the worm will encrypt a number of important files and change the Administrator and current user password.
The worm also changes the IE start page to the author’s website.
Link here.
