Hot on the heels of the new ANI exploit is a new Warezov sample.
No variations were seen among the e-mail samples received; they all look like this:
The attachment is a ZIP file that contains an executable file. The filename is in the form of Update-KB[random numbers]-x86.exe and is detected as Trojan-Downloader:W32/Warezov.KG.
It downloads a file from the following link: http://buheradesunme.com/[removed].exe
This new file is the worm component and is detected as Email-Worm:W32/Warezov.MG.
Detections have been included since update 2007-04-03_02.
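For mail gateways or retrospective mailbox sweeps, the attachment naming scheme described above can be checked directly. The following is an added example, not code from the original post or from the vendor: it parses a raw message, opens any ZIP attachment in memory and reports members named like Update-KB[random numbers]-x86.exe. It assumes "[random numbers]" means one or more decimal digits; the sample message, the attachment name Update.zip and the function names are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: "[random numbers]" is one or more decimal digits.
LURE_NAME = re.compile(r"Update-KB\d+-x86\.exe", re.IGNORECASE)


def suspicious_members(raw_message: bytes) -> list:
    """Return (attachment name, ZIP member name) pairs matching the lure pattern."""
    hits = []
    msg = message_from_bytes(raw_message)
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True)
        # Decide by archive structure, not by declared content type or extension.
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                names = archive.namelist()  # names only; nothing is extracted
        except zipfile.BadZipFile:
            continue  # malformed archive: no member list to inspect
        for name in names:
            # Compare only the final path component of each member.
            base = name.replace("\\", "/").rsplit("/", 1)[-1]
            if LURE_NAME.fullmatch(base):
                hits.append((part.get_filename() or "<unnamed>", name))
    return hits


def build_sample(member_name: str) -> bytes:
    """Constructed test message: a ZIP attachment holding one harmless text stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"constructed placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Update.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_members(build_sample("Update-KB4821-x86.exe")))
    print(suspicious_members(build_sample("readme.txt")))
```

A filename match is only a triage signal: legitimate files can share the pattern and later variants can change it, so hits should be confirmed against the antivirus detection.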