Yesterday, we blogged about a new variant of Warezov being spammed around. Today, another variant has been seen spreading in the wild.
This new variant is now detected as Email-Worm.Win32.Warezov.u using database update version 2006-09-11_01.
It sends itself as an e-mail attachment to addresses found on the infected computer.
Here's another e-mail sample of this worm:
Like yesterday's Warezov variant, it downloads another variant from yuhadefunjinsa.com/[removed]/lt.exe. This downloaded file is now detected as Email-Worm.Win32.Warezov.t.
Once Warezov.u has been executed, it displays a Notepad window with random character strings. This is a decoy meant to fool users into thinking that this was the file executed, rather than the actual worm. Below is an example:
Let's see if these patterned attacks will continue striking tomorrow.