Application security

Ringing in the new year with an email worm

Be careful who you accept New Year's wishes from. Security researchers today are warning of new, mass-spammed email worm containing a "Happy New Year" subject heading that few security programs protect against.

Ken Dunham, director of the Rapid Response Team at VeriSign iDefense, said today that the worm is spreading at a rate of five emails per second on some networks and that the malware is employing more than 160 servers to spam out the message.

The email carries a malicious attachment - postcard.exe - that, if executed, installs malicious code variants of Tibs, Nuwar, Banwarum and Glowa onto users' computers, Dunham said. In addition, two rootkit files are installed to prevent the malware from being discovered.

"User interaction is required for the worm to infect a computer, but is more likely due to the holiday period and social engineering of the worm," he said. "The period of greatest risk is through the New Year's holiday, when anti-virus protection is the lowest for this new threat and users are most apt to click on a ‘New Year's' related message."

Mikko Hypponen, F-Secure's chief research officer, said today that postcard.exe attachments should normally be avoided because "they always seem to be bad news."

Click here to email reporter Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.