

Happy New Warezov


3 replies to this topic

#1 OFFLINE   Humpty

    Super Hero

  • Members
  • 2,125 posts

Posted 31 December 2006 - 02:46 PM

Quote:

A new Warezov spam run is underway, using a "Happy New Year" postcard as its disguise.

The attachment is named postcard.zip and the text of the message reads:

Hi, you’ve just received a postcard.

For: (your e-mail address)

From: ---

Text: Happy New Year!

Postcard:
Click on attachment to view a postcard.

When run, the malware connects to www6.easeruikingandefunjs.com and downloads a Warezov variant.

We detect this now as Trojan-Downloader.Win32.Small.edn.


#2 ONLINE   hazelnut

    try to stay calm

  • Moderators
  • 9,444 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 31 December 2006 - 03:12 PM

Good warning Humpty, let's hope a lot of people read it.

#3 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,324 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 31 December 2006 - 04:13 PM

Another site to restrict in IE and the HOSTS file! ;)

#4 OFFLINE   Humpty

    Super Hero

  • Members
  • 2,125 posts

Posted 31 December 2006 - 06:13 PM

Quote:

We're now seeing slightly modified versions of the Happy New Year postcard.exe attachments that were first spotted on Friday.

This time the e-mail subjects vary a lot but are always themed around New Year greetings. For example, "Fun Filled New Year", "May Your Dreams Come True!", "Sparkling Happiness And Good Times!", or "Sender Happy 2007!". The attachment name is "greeting card.exe", "Greeting Postcard.exe", or something else along those lines.

The attachments have been modified slightly to avoid detection by antivirus programs, but we detect them as Trojan-Downloader.Win32.Tibs.jy. There are also some corrupted attachments floating around: those might not be detected, but they won't work either.
