The Kuala Lumpar Lab received a new Warezov variant this morning. As the day progressed and Europe woke up we started receiving lots of new variants. As with previous Warezovs, these new ones download additional components, this time from ertinmdesachlion.com. The site seems to be overloaded at the moment, most probably because of infected machines trying to download the file. If you are a firewall admin it's a good idea to block this domain.

We've just published a Radar 2 Alert about it and detection is out in the update 2006-10-02_01. As we're getting new samples all the time, we'll definitely release more updates soon.

Here's an example of an email that was used to spam out a new variant: