X
Tech

'Happy New Year' worm hits Windows

New fast-spreading worm e-mails a victim's contact list to their entire address book by duping users into thinking it is a Christmas treat.
Written by Wendy McAuliffe, Contributor
A mass-mailing Internet worm that purports to offer New Year greetings was spreading rapidly Wednesday, and is rumored to be the big Christmas virus that antivirus companies have been gearing up for.

The first copy of the virus was detected at 7:23am GMT by security firm MessageLabs and is said to have originated from South Africa. By using a number of aliases, the e-mail worm has spread virulently throughout the day. MessageLabs has detected 925 incidents of the worm at an Internet level to date, from a number of countries across the globe.

"This won't be as big as Goner, but it is likely to be the biggest Christmas virus," said Alex Shipp, antivirus technology expert at MessageLabs.

The worm, operating under the guises of Zacker, Reeezak, Maldal and Keyluc, arrives with the subject header "Happy New Year" and contains a file attachment entitled "christmas.exe." It uses familiar social engineering tactics to entice recipients to double click on the attachment, before mailing itself and the victim's contact list to everyone in the contact's address book.

"Over the last week, we have seen thousands of executable files like this that have been sent as jokes or Christmas cards," said Shipp. "We have seen 4,000 copies of such viruses this week, and so from a social engineering point of view, it looks like this virus will continue."

The worm arrives with the body text:
"I can't describe my feelings But all i can say is Happy New Year :-) Bye."

Once the Christmas.exe application is opened, the worm will modify the user's Internet Explorer (IE) home page so that the browser now points to a malicious Web site. This site will then exploit a vulnerability in IE and run a Visual Basic Script on the infected computer that will attempt to delete significant portions of the Windows operating system.

Experts believe the worm spreads through shared network drives, and by taking advantage of Microsoft applications. Computer Associates has reported that the virus will email itself to everyone in an infected victim's Outlook address book.

According to reports, Symantec believes the worm also spreads via Microsoft's Instant Messaging software, and will try to delete antivirus software from an infected PC. A mass-mailing Internet worm that purports to offer New Year greetings was spreading rapidly Wednesday, and is rumored to be the big Christmas virus that antivirus companies have been gearing up for.

The first copy of the virus was detected at 7:23am GMT by security firm MessageLabs and is said to have originated from South Africa. By using a number of aliases, the e-mail worm has spread virulently throughout the day. MessageLabs has detected 925 incidents of the worm at an Internet level to date, from a number of countries across the globe.

"This won't be as big as Goner, but it is likely to be the biggest Christmas virus," said Alex Shipp, antivirus technology expert at MessageLabs.

The worm, operating under the guises of Zacker, Reeezak, Maldal and Keyluc, arrives with the subject header "Happy New Year" and contains a file attachment entitled "christmas.exe." It uses familiar social engineering tactics to entice recipients to double click on the attachment, before mailing itself and the victim's contact list to everyone in the contact's address book.

"Over the last week, we have seen thousands of executable files like this that have been sent as jokes or Christmas cards," said Shipp. "We have seen 4,000 copies of such viruses this week, and so from a social engineering point of view, it looks like this virus will continue."

The worm arrives with the body text:
"I can't describe my feelings But all i can say is Happy New Year :-) Bye."

Once the Christmas.exe application is opened, the worm will modify the user's Internet Explorer (IE) home page so that the browser now points to a malicious Web site. This site will then exploit a vulnerability in IE and run a Visual Basic Script on the infected computer that will attempt to delete significant portions of the Windows operating system.

Experts believe the worm spreads through shared network drives, and by taking advantage of Microsoft applications. Computer Associates has reported that the virus will email itself to everyone in an infected victim's Outlook address book.

According to reports, Symantec believes the worm also spreads via Microsoft's Instant Messaging software, and will try to delete antivirus software from an infected PC.



Editorial standards