NEWS FROM THE LAB - Saturday, March 3, 2007

Email-Worm.Win32.Warezov.jx Posted by Mikko @ 09:21 GMT


A new Warezov run has been going on for some hours now. The e-mail text seems to stay constant and looks like this:

  Do not reply to this message

Dear Customer,

Our robot has fixed an abnormal activity from your IP address on
sending e-mails. Probably it is connected with the last epidemic of a
worm which does not have patches at the moment. We recommend you to
install a firewall module and it will stop e-mail sending. Otherwise
your account will be blocked until you do not eliminate malfunction.

Customer support center robot

The attachment is a ZIP file which contains a static EXE file. The name varies, but it's always something like Update-KB[random numbers]-x86.exe.
We detect it as Email-Worm.Win32.Warezov.jx.
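
As an added example (not part of the original post and not F-Secure's detection logic), here is one way a mail gateway could flag ZIP attachments whose members match the file name pattern described above. It assumes "[random numbers]" means one or more decimal digits; the function names and the sample message are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: "[random numbers]" on the page means one or more decimal digits.
LURE_NAME = re.compile(r"Update-KB\d+-x86\.exe", re.IGNORECASE)


def suspicious_zip_members(raw_message: bytes) -> list[str]:
    """Return ZIP member names in attachments that match the lure pattern."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        buf = io.BytesIO(payload)
        # Trust the content, not the declared file name or MIME type.
        if not zipfile.is_zipfile(buf):
            continue
        try:
            with zipfile.ZipFile(buf) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            continue  # truncated or malformed archive; leave to other controls
        for name in names:
            # Match on the final path component so a folder prefix cannot hide it.
            base = name.replace("\\", "/").rsplit("/", 1)[-1]
            if LURE_NAME.fullmatch(base):
                hits.append(name)
    return hits


def build_sample(member_name: str) -> bytes:
    """Constructed message: a ZIP attachment holding one harmless placeholder."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr(member_name, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="sample.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_zip_members(build_sample("Update-KB4821-x86.exe")))
    print(suspicious_zip_members(build_sample("readme.txt")))
```

A file name match like this is only a triage signal for this run; the name varies, so it complements rather than replaces signature detection.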