NEWS FROM THE LAB - Monday, December 25, 2006

Happy New Warezov Posted by Mikko @ 08:34 GMT

Warezov Postcard

A new Warezov spam run is underway, using a "Happy New Year" postcard as its disguise.

The attachment is named postcard.zip and the text of the message reads:

   Hi, you’ve just received a postcard.
   For: (your e-mail address)
   From: ---
   Text: Happy New Year!
   Click on attachment to view a postcard.

When run, the malware connects to www6.easeruikingandefunjs.com and downloads a Warezov variant.

We detect this now as Trojan-Downloader.Win32.Small.edn.