About Diary's Authors

The Analyst's Diary is a weblog maintained by virus analysts from Kaspersky Lab headed by Eugene Kaspersky.


Analyst's Diary

A green grin


  Costin       June 28, 2007 | 10:58  GMT

Earlier today we intercepted a number of mailings with a new Warezov downloader. The good news is that it's already detected as Email-Worm.Win32.Warezov.pk, which we added to our database two days ago.

What's interesting about the mails is that along with the usual executable (which in this case is called "access.exe") the messages have a couple of PDFs attached.

The PDFs, which are otherwise harmless, contain alleged financial transactions. Here's an example:

If you are tricked by these and run the executable, it will contact kitinjderunhadsun.com and download another executable from there. This second exe is 91095 bytes in size, and we detect it as Email-Worm.Win32.Warezov.iq.

We detected the first version of Warezov almost one year ago and after all this time, the gang behind these worms is still roaming free. I'm really looking forward to the day they get caught.
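The attachment pattern described above (an executable mailed together with harmless PDFs) can be caught at a mail gateway by classifying attachments on their content, not only on their names. The following is an added example, not Kaspersky Lab's detection logic; the sample message, the PDF file names and the extension list are constructed for illustration, and only "access.exe" comes from the post.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (illustrative, not exhaustive).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".cmd", ".bat")

def classify(part):
    """Return 'exe', 'pdf' or 'other'; magic bytes win over the file name."""
    data = part.get_payload(decode=True) or b""
    name = (part.get_filename() or "").lower()
    if data[:2] == b"MZ" or name.endswith(EXEC_EXT):
        return "exe"          # PE/DOS header, or an executable extension
    if data[:5] == b"%PDF-" or name.endswith(".pdf"):
        return "pdf"
    return "other"

def triage(raw_bytes):
    """Parse a raw message and return (verdict, attachments grouped by kind)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    found = {"exe": [], "pdf": [], "other": []}
    for part in msg.iter_attachments():
        found[classify(part)].append(part.get_filename())
    if found["exe"] and found["pdf"]:
        verdict = "quarantine: executable with document decoys"
    elif found["exe"]:
        verdict = "quarantine: executable attachment"
    else:
        verdict = "pass"
    return verdict, found

def build_sample(exe_name="access.exe"):
    """Constructed test message: two placeholder PDFs plus a stub with an MZ header."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Transaction details"
    msg.set_content("See attached.")
    for n in ("statement1.pdf", "statement2.pdf"):
        msg.add_attachment(b"%PDF-1.4\n% constructed placeholder\n",
                           maintype="application", subtype="pdf", filename=n)
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename=exe_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
    print(triage(build_sample("invoice.pdf")))  # renamed stub is still flagged
```

Because the MZ check runs before the file-name check, an executable renamed to look like one of the accompanying documents is still classified as an executable.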

 

Copyright © 1996 - 2010
Kaspersky Lab
All rights reserved