Ken Dunham, director of the Rapid Response Team at VeriSign iDefense, said today that the worm is spreading at a rate of five emails per second on some networks and that the malware is employing more than 160 servers to spam out the message.
The email carries a malicious attachment - postcard.exe - that, if executed, installs malicious code variants of Tibs, Nuwar, Banwarum and Glowa onto users' computers, Dunham said. In addition, two rootkit files are installed to prevent the malware from being discovered.
"User interaction is required for the worm to infect a computer, but is more likely due to the holiday period and social engineering of the worm," he said. "The period of greatest risk is through the New Year's holiday, when anti-virus protection is the lowest for this new threat and users are most apt to click on a ‘New Year's' related message."
Mikko Hypponen, F-Secure's chief research officer, said today that postcard.exe attachments should normally be avoided because "they always seem to be bad news."
Click here to email reporter Dan Kaplan.
Ringing in the new year with an email worm
By Dan Kaplan on Dec 29, 2006 5:27PM