
Virus Watch|A green grin

Costin Raiu
Kaspersky Lab Expert
Posted June 28, 09:58 GMT
Tags: Internet Banking, Warezov

Earlier today we intercepted a number of mailings with a new Warezov downloader. The good news is that it's already detected as Email-Worm.Win32.Warezov.pk, which we added to our database two days ago.

What's interesting about the mails is that along with the usual executable (which in this case is called "access.exe") the messages have a couple of PDFs attached.

The PDFs, which are otherwise harmless, contain alleged financial transactions. Here's an example:

If you are tricked by these and run the executable, it will contact kitinjderunhadsun.com and download another executable from there. This second exe is 91095 bytes in size, and we detect it as Email-Worm.Win32.Warezov.iq.

We detected the first version of Warezov almost one year ago and after all this time, the gang behind these worms is still roaming free. I'm really looking forward to the day they get caught.
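The attachment pattern described above (an executable mailed alongside PDF documents) can be checked at a mail gateway. The following is an added example, not code from the original post or from Kaspersky Lab; the extension list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of directly runnable Windows extensions.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def _ext(name):
    """Lower-cased extension, ignoring trailing dots/spaces that Windows drops."""
    name = (name or "").lower().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def classify_attachments(raw_message):
    """Sort a message's attachments into executables and PDF documents."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    executables, pdfs = [], []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Content wins over the name: a PE file starts with "MZ" whatever it is called.
        if _ext(name) in EXECUTABLE_EXTS or data[:2] == b"MZ":
            executables.append(name)
        elif _ext(name) == ".pdf" or data[:5] == b"%PDF-":
            pdfs.append(name)
    return {
        "executables": executables,
        "pdfs": pdfs,
        "quarantine": bool(executables),
        "exe_with_pdf_lure": bool(executables and pdfs),
    }

def build_sample(exe_name=None):
    """Constructed test message: two placeholder PDFs, optionally a fake PE stub."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "Transaction details"
    m.set_content("Statements attached.")
    for n in ("statement1.pdf", "statement2.pdf"):
        m.add_attachment(b"%PDF-1.4\n% constructed placeholder\n",
                         maintype="application", subtype="pdf", filename=n)
    if exe_name:
        m.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                         subtype="octet-stream", filename=exe_name)
    return m.as_bytes()

if __name__ == "__main__":
    for label, raw in (("exe+pdf", build_sample("access.exe")),
                       ("pdf only", build_sample())):
        print(label, classify_attachments(raw))
```

Because the check also looks at the first bytes of each attachment, an executable renamed to end in .pdf is still placed in the executable list.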
