News from the Lab Archive : January 2004 to September 2015

NEWS FROM THE LAB - Tuesday, April 3, 2007

ARCHIVES | SEARCH

Warezov Returns	Posted by Ian @ 06:37 GMT

Hot on the heels of the new ANI exploit is a new Warezov sample.

No variations were seen from the e-mail samples received and they all look like this:

The attachment is a ZIP file that contains an executable file. The filename is in the form of Update-KB[random numbers]-x86.exe and is detected as Trojan-Downloader:W32/Warezov.KG.

It downloads a file from the following link:
http://buheradesunme.com/[removed].exe

This new file is the worm component and is detected as Email-Worm:W32/Warezov.MG.

Detections have been included since update 2007-04-03_02.