Happy New Warezov

Quote:

A new Warezov spam run is underway, using a "Happy New Year" postcard as its disguise.

The attachment is named postcard.zip and the text of the message reads:

Hi, you?ve just received a postcard.

For: (your e-mail address)

From: ---

Text: Happy New Year!

Postcard:

Click on attachment to view a postcard.

When run, the malware connects to www6.easeruikingandefunjs.com and downloads a Warezov variant.

We detect this now as Trojan-Downloader.Win32.Small.edn.

Article

Good warning Humpty, lets hope a lot of people read it.

Another site to restrict in IE and the HOSTS file! ;)

Quote:

We're now seeing slightly modified versions of the Happy New Year postcard.exe attachments that were first spotted on Friday.

This time the e-mail subjects vary a lot but are always themed around New Year greetings. For example, "Fun Filled New Year", "May Your Dreams Come True!", "Sparkling Happiness And Good Times!", or "Sender Happy 2007!". The attachment name is "greeting card.exe", "Greeting Postcard.exe", or something else along those lines.

The attachments have been modified slightly to avoid detection by antivirus programs, but we detect them as Trojan-Downloader.Win32.Tibs.jy. There are also some corrupted attachments floating around: those might not be detected, but they won't work either.

Update