NEWS FROM THE LAB - Tuesday, April 3, 2007

Warezov Returns
Posted by Ian @ 06:37 GMT

Hot on the heels of the new ANI exploit is a new Warezov sample.

No variations were seen among the e-mail samples received; they all look like this:


The attachment is a ZIP file that contains an executable file. The filename is in the form of Update-KB[random numbers]-x86.exe and is detected as Trojan-Downloader:W32/Warezov.KG.

It downloads a file from the following link:

This new file is the worm component and is detected as Email-Worm:W32/Warezov.MG.

Detections have been included since update 2007-04-03_02.
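
The attachment layout described above (a ZIP file holding Update-KB[random numbers]-x86.exe) can be triaged at a mail gateway by listing archive members. The following is an added example, not code from the original post: the function names, the sample message and the number 4821 are constructed, and case-insensitive matching is a choice made here. A name match is only a triage signal and does not replace the antivirus detections named in the post.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Name pattern from the post: Update-KB[random numbers]-x86.exe
DROPPER_NAME = re.compile(r"Update-KB\d+-x86\.exe", re.IGNORECASE)


def suspicious_zip_members(raw_message):
    """Return ZIP member names in any attachment that match the pattern."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)
        # Trust the bytes, not the declared MIME type or file extension.
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for name in zf.namelist():
                    # Compare the base name; the member may sit in a folder.
                    base = name.replace("\\", "/").rsplit("/", 1)[-1]
                    if DROPPER_NAME.fullmatch(base):
                        hits.append(name)
        except zipfile.BadZipFile:
            continue  # malformed archive: no listing to inspect
    return hits


def build_sample(member_name):
    """Constructed message: ZIP attachment holding placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="attachment.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_zip_members(build_sample("Update-KB4821-x86.exe")))
```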