» Topic:  Email-Worm.Win32.Warezov.Email-Worm.Win32.Email-Worm.Win32.Warezov.jx

» Added by:  Mikko

» Date:  3.3.2007

  New Warezov run has been going on for some hours now. The emails seem to be constant and look like this:

Do not reply to this message

Dear Customer,

Our robot has fixed an abnormal activity from your IP address on
sending e-mails. Probably it is connected with the last epidemic of a
worm which does not have patches at the moment. We recommend you to
install a firewall module and it will stop e-mail sending. Otherwise
your account will be blocked until you do not eliminate malfunction.

Customer support center robot

The attachment is a ZIP file which contains a static EXE file. The name varies, but it's always like
Update-KB[random numbers]-x86.exe. MD5 is 2A9D6942D891F534E288830F6EA52615. We detect it as Email-Worm.Win32.Warezov.jx.

Source : http://www.f-secure.com/