<<<
Tuesday, April 3, 2007
>>>
 
Warezov Returns Posted by Ian @ 06:37 GMT

Hot on the heels of the new ANI exploit is a new Warezov sample.

No variations were seen from the e-mail samples received and they all look like this:

Warezov.MG

The attachment is a ZIP file that contains an executable file. The filename is in the form of Update-KB[random numbers]-x86.exe and is detected as Trojan-Downloader:W32/Warezov.KG.

It downloads a file from the following link:
http://buheradesunme.com/[removed].exe

This new file is the worm component and is detected as Email-Worm:W32/Warezov.MG.

Detections have been included since update 2007-04-03_02.






<<< Microsoft to release update for ANI vulnerability on Tuesday
|
ANI Patch now Released! >>>