Another new email worm

[Art]

I received two different emails with different message bodies
and attachments. One attackment is named docs.elm.pif
The other, named Update-KB6269-x86.exe was attached
to a "social-engineered" message claiming to come from
my ISP. It claimed that worms were being detected emanating
from my computer and that the "urgent update" be installed
immediately.

Results at Virus Total were spotty, with just a small handful
of products producing a alert of any kind. The alerts all
appeared to be of a heuristic "guesswork" nature. So I
zipped both attackments and sent them to Kaspersky.

A Kaspersky analyst responded that detection for
Email-Worm.Win32.Warezov.u has now been added.

Art
http://home.epix.net/~artnpeg

 

[Ian Kenefick]

I received two different emails with different message bodies
and attachments. One attackment is named docs.elm.pif
The other, named Update-KB6269-x86.exe was attached
to a "social-engineered" message claiming to come from
my ISP. It claimed that worms were being detected emanating
from my computer and that the "urgent update" be installed
immediately.

Results at Virus Total were spotty, with just a small handful
of products producing a alert of any kind. The alerts all
appeared to be of a heuristic "guesswork" nature. So I
zipped both attackments and sent them to Kaspersky.

A Kaspersky analyst responded that detection for
Email-Worm.Win32.Warezov.u has now been added.

Yeah, F-Secure blogged about this earlier here
http://www.f-secure.com/weblog/archives/archive-092006.html#00000967

 

[optikl]

The other, named Update-KB6269-x86.exe was attached
to a "social-engineered" message claiming to come from
my ISP. It claimed that worms were being detected emanating
from my computer and that the "urgent update" be installed
immediately.

It never ceases to amaze me how much effort the truly lame will invest
in trying to trap the truly unsuspecting.

 

[David H. Lipman]

From: "Art" <[email protected]>

| I received two different emails with different message bodies
| and attachments. One attackment is named docs.elm.pif
| The other, named Update-KB6269-x86.exe was attached
| to a "social-engineered" message claiming to come from
| my ISP. It claimed that worms were being detected emanating
| from my computer and that the "urgent update" be installed
| immediately.
|
| Results at Virus Total were spotty, with just a small handful
| of products producing a alert of any kind. The alerts all
| appeared to be of a heuristic "guesswork" nature. So I
| zipped both attackments and sent them to Kaspersky.
|
| A Kaspersky analyst responded that detection for
| Email-Worm.Win32.Warezov.u has now been added.
|
| Art
| http://home.epix.net/~artnpeg

This is a spambot. Once installed the Warezov will start generating and spewing spam from
the infected PC immediately.

Warezov.t and Warezov.u are in the wild and spreading !

 

[Nicko]

HASNT BITDEFENDER DETECTED THIS VIRUS WITHOUT SIGNATURE?
join and discuss on theif forum. Note: need to be registered to post
http://www.BitDforum.com

 

[David H. Lipman]

From: "Nicko" <[email protected]>

| HASNT BITDEFENDER DETECTED THIS VIRUS WITHOUT SIGNATURE?
| join and discuss on theif forum. Note: need to be registered to post
| http://www.BitDforum.com
|

I just tested a sample...
BitDefender 7.2 09.12.2006 Win32.Warezov.Q@mm