Warezov worm surfaces again

Security vendor Kaspersky has reported a new variant of the Warezov worm.

Mass mailings of the variant, Warezov.nf, started at 5am on Thursday, and already make up between 70 and 85 percent of malicious content in email traffic, according to Kaspersky.

Like previous variants of Warezov, the worm spreads via email, disguised as an attachment. The attachment is a Trojan that downloads the latest version of the worm from a number of websites. Once downloaded, the worm copies itself to disk and loads automatically at start-up. Warezov then harvests email addresses from the hard drive and automatically sends emails with the Trojan attached, using its own SMTP engine.

The worm is able to terminate a range of antivirus and firewall applications and also downloads malicious code from the internet without the user's knowledge. Screenshots of the virus in action have been posted on F-Secure's blog.

The last Warezov attack spread through Skype's instant-messaging network. The worm did not appear to be self-propagating, spreading instead through a URL sent to Skype users. When a user activated the URL, the worm passed the URL to the user's entire contact book.

The first variant of Warezov was reported in September last year by Symantec. F-Secure first reported its spread into Skype at the end of February.