Tuesday, April 3, 2007
Warezov Returns Posted by Ian @ 06:37 GMT

Hot on the heels of the new ANI exploit is a new Warezov sample.

No variations were seen from the e-mail samples received and they all look like this:


The attachment is a ZIP file that contains an executable file. The filename is in the form of Update-KB[random numbers]-x86.exe and is detected as Trojan-Downloader:W32/Warezov.KG.

It downloads a file from the following link:

This new file is the worm component and is detected as Email-Worm:W32/Warezov.MG.

Detections have been included since update 2007-04-03_02.

<<< Microsoft to release update for ANI vulnerability on Tuesday
ANI Patch now Released! >>>