Mabezat worm targets job seekers

According to Alexandru Catalin Cosoi, a senior researcher with BitDefender, in order to stay safe, computer users should ensure that they have installed a complete anti-malware suite with antivirus, antispam, anti-phishing and firewall protection.

"Never open files from unfamiliar locations", he said.

Cosoi said that the worm comes loaded in a spam message with a variety of job-related email subjects, such as 'Web designer vacancy', 'New work for you', 'Welcome to your new work', or 'We are hiring you'.

The email reportedly also contains an apparently harmless attachment called winmail.dat that is billed as being a Word RTF file.

Most tech-savvy users run the file through Winrar or Winzip, which decodes the DAT file into its destination format but - crucially, Infosecurity notes - the anonymous nature of the DAT file means that most on-network IT security technologies miss the payload.

If extracted, the archive presents what appears to be an MS-Word document called Readme.doc, but - on closer inspection - proves to be an executable file infected with Win32.Worm.Mabezat.J.

Once opened, the alleged Readme file opens its own directory using Windows Explorer.

BitDefender's Cosoi says that the worm also writes an autorun.inf file on each drive pointing to a newly-created file called zPharaoh.exe.
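Two of the artefacts described above lend themselves to a simple offline check: a file named like a document (Readme.doc) whose bytes begin with the Windows 'MZ' executable header, and an autorun.inf whose open= line launches an executable (zPharaoh.exe). The script below is an added triage example, not code from the article or from BitDefender; only the file names Readme.doc and zPharaoh.exe come from the story, every sample file is constructed in a temporary directory, and treating .dat alongside .doc and .rtf as a "document" extension is an assumption of the example.

```python
"""Added triage example; not code from the Infosecurity article or from BitDefender.
It flags two artefacts the article describes: a file named like a document
(Readme.doc) whose contents start with the Windows 'MZ' executable header, and an
autorun.inf whose open= line launches an executable (zPharaoh.exe). Every sample
file below is constructed in a temporary directory, so the script runs offline."""
from __future__ import annotations

import tempfile
from pathlib import Path

# Assumption of this example: these extensions are "documents" that should never carry an MZ header.
DOCUMENT_EXTENSIONS = {".doc", ".rtf", ".dat"}
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}


def is_pe_executable(path: Path) -> bool:
    """True when the file starts with the 'MZ' DOS stub that every Windows PE image carries."""
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"


def disguised_executables(root: Path) -> list[str]:
    """Files under root whose extension claims a document but whose header is executable."""
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in DOCUMENT_EXTENSIONS and is_pe_executable(path):
            hits.append(path.relative_to(root).as_posix())
    return hits


def autorun_targets(root: Path) -> list[tuple[str, str]]:
    """(autorun.inf path, target) pairs where open= or shellexecute= names an executable."""
    hits = []
    for inf in sorted(root.rglob("autorun.inf")):
        for raw in inf.read_text(errors="ignore").splitlines():
            line = raw.strip()
            if not line or line.startswith((";", "[")) or "=" not in line:
                continue
            key, _, value = line.partition("=")
            if key.strip().lower() not in ("open", "shellexecute"):
                continue
            # Take the command name only; arguments after the first space are ignored.
            command = value.strip().strip('"').split(maxsplit=1)
            target = command[0] if command else ""
            if Path(target).suffix.lower() in EXECUTABLE_EXTENSIONS:
                hits.append((inf.relative_to(root).as_posix(), target))
    return hits


def triage(root: Path) -> dict[str, list]:
    """Run both checks over a directory tree (a mounted drive or an extracted archive)."""
    return {"disguised": disguised_executables(root), "autorun": autorun_targets(root)}


def build_sample_tree(root: Path) -> None:
    """Constructed sample data mirroring the article: one disguised Readme.doc, one
    benign document, one drive with a suspicious autorun.inf and one with a harmless one."""
    extracted = root / "extracted"
    extracted.mkdir()
    (extracted / "Readme.doc").write_bytes(b"MZ" + b"\x90" * 62 + b"PE\x00\x00")  # executable in disguise
    (extracted / "notes.doc").write_bytes(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56)  # OLE2 .doc header
    (root / "winmail.dat").write_bytes(b"\x78\x9f\x3e\x22" + b"\x00" * 32)  # non-executable stand-in bytes
    drive_e = root / "E"
    drive_e.mkdir()
    (drive_e / "autorun.inf").write_text("[autorun]\nopen=zPharaoh.exe\nicon=zPharaoh.exe\n")
    (drive_e / "zPharaoh.exe").write_bytes(b"MZ" + b"\x00" * 64)
    drive_f = root / "F"
    drive_f.mkdir()
    (drive_f / "autorun.inf").write_text("[autorun]\nicon=disk.ico\nlabel=Backup\n")


def demo() -> dict[str, list]:
    """Build the sample tree in a temporary directory and return the triage findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for kind, findings in demo().items():
        print(kind, findings)
```

Run against a real mount point by calling `triage(Path("/mnt/usb"))` in place of the constructed tree; the header check is what catches the Readme.doc case that a file-extension filter alone misses, and the autorun.inf check is independent of whether AutoRun is enabled on the host.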

"What is particularly important about Win32.Worm.Mabezat.J is the fact that it is also able to infect executable files by replacing the first 1768 bytes of the infected executable file with its own encrypted body. The worm always starts its infection campaign by compromising the Windows Media Player main executable, as well as some binary files in Outlook Express", he said.

"The Mabezat family is extremely dangerous: they not only have the ability to infect binary files and to occasionally destroy system files, but they can also collect email addresses from a variety of file formats (such as .XML, .PHP, .LOG, .CHM, .HLP, .CPP, .PAS, .XLS) on the infected system", he added.

"After it has compiled an e-mail list, the worm will start mass-mailing itself by using its own SMTP engine."