"Happy New Year!" worm on the move

Spreading from 160 domains, the malware requires users to run an executable

Verisign Inc. is warning of a new e-mail worm arriving in inboxes with the subject "Happy New Year!"

The message, currently being spread from 160 e-mail domains, requires users to click on the attached "postcard.exe" file in order to cause damage. The file will install several different malicious code variants including Tibs, Nwar, Banwarum and Glowa on the computer. It then executes mass mailings from the infected computer.

The worm is already being heavily spammed, Verisign said. The security company has found one network that is sending out five e-mails per second with the worm.

While the worm requires user interaction to do harm, Verisign believes that it has potential to do damage because of the "Happy New Year!" subject line. The company is warning e-mail users to be wary before clicking on messages that they think may be legitimate happy new year messages from friends.

As of Thursday, multiple large networks have reported interceptions of the e-mail, Verisign said. While the "postcard.exe" attachment has the same name as an attack spread earlier this month, this is a new and largely undetected threat, Verisign said.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies