Last Updated: 2006-12-30 18:51:06 UTC
by Brian Granier (Version: 1)
Update UTC1655: Several respondants have confirmed the behavior reported by Thomas. Known variations are as follows:
Subject lines appear to be changing with a much larger bank of possibilities. I anticipate AV vendors will begin to ducment this. A list was provided by reader Diego. This is a good start, but most likely partial:
Annual Fun Forecast!
Baby New Year!
Best Wishes For A Happy New Year!
Fun Filled New Year!
Happiness And Continued Success!
Happiness And Success!
Happiness In Everything!
Happy New Year!
Happy Times And Happy Memories!
May Your Dreams Come True!
New Hopes And New Beginnings!
New Year... Happy Year!
Promises Of Happy Times!
Raising A Toast To Happy Times!
Scale Greater Heights!
Sparkling Happiness And Good Times!
Warm New Year Hug!
Warmest Wishes For New Year!
Wish You Smiles And Good Cheer!
Wishing You Happiness!
Wishing You Happy New Year!
Reader Ken sent a note about two snort rules that are triggering against emails associated with this virus. The first rule can not be published here as it is a licensed rule under vrt license, which can be obtained from snort.org. Specifically it is used for detecting netsky attachments and has a sid of 9425.
The other rule, however, is public domain. Here it is:
VIRUS OUTBOUND bad file attachment
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"VIRUS OUTBOUND bad file attachment";flow:to_server,established;content:"Content-Disposition|3A|";