NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0156 New Warezov Worm Emerges:

A new variant of the Warezov womr has been found proliferating rapidly via email. Mass mailings of the variant "Warezov.nf" started at 0500 on 19 April, and already make up 70-85% of malicious content in email traffic according to industry researchers.

Like previous variants of Warezov, the worm spreads via email, disguised as an attachment. The attachment contains a Trojan that downloads the latest version of the worm from a number of web sites. Once downloaded, the worm copies itself to the PC's hard drive and loads automatically at start-up. Warezov then harvests email addresses from the hard drive and automatically sends emails with the Trojan attached using its own SMTP engine.

The worm is able to terminate a range of antivirus and firewall applications and also downloads malicious code from the internet without the user's knowledge.

The last Warezov attack spread through Skype's instant-messaging network. The worm did not appear to be self-propagating, spreading instead through a URL sent to Skype users. When a user activated the URL, the worm passed the URL to the user's entire contact book.

Symantec reported the first variant of Warezov in September of last year. F-Secure first reported its spread into Skype at the end of February.

(news.zdnet.co.uk 20APR07)

Last Modified: Sunday, 29-Apr-2007 16:07:48 EDT