It's been awhile since the last attack of the Warezov gang. But it seems now they're back in action.Here's a sample screenshot of the e-mail of the new Warezov that is being spammed:The zip file attachment contains an executable file that uses a text file icon as a decoy:Once the malware has executed, it will pop-up the following message box:This executable file is a downloader for its other components. The link is encrypted with a simple XOR.For system administrators, you may want block network traffic from the following malicious link:http://linktunhdesa.com/h[REMOVED]2.exeOur detection for this variant is Email-Worm:W32/Warezov.NF and it is included since database update 2007-04-19_02.
