We've received word from a number of readers that "postcard.exe" is currently being spammed in emails with the subject "Happy New Year". AV coverage is still thin. MD5: 4adf7a3719c485a4e482498874b6695f
Update 1530UTC: AV protection is coming online: Trojan-Downloader.Win32.Tibs.jy (Kaspersky), W32/Dref-U (Sophos), W32.Nuwar.AY (TrendMicro). ClamAV was one of the first AVs to have protection available when the wave started last night; they are calling it Downloader-388.
There is also a set of BleedingSnort sigs available that helps detect an existing infection (systems reporting to C&C).
Update 1400UTC: Symantec has thrown their hat in the ring with W32.Mixor.Q@mm.
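As an added example (not part of the original diary entry), this Python mail-triage check tests a raw message against the three indicators given above: the subject, the attachment name and the MD5. The function names `triage` and `build_sample`, the addresses and the attachment bytes are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the diary entry above.
IOC_SUBJECT = "happy new year"
IOC_FILENAME = "postcard.exe"
IOC_MD5 = {"4adf7a3719c485a4e482498874b6695f"}


def triage(raw: bytes, md5_iocs=IOC_MD5) -> dict:
    """Return which of the diary's indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {"subject": False, "filename": False, "md5": False}
    hits["subject"] = IOC_SUBJECT in str(msg.get("Subject", "")).lower()
    for part in msg.walk():
        if part.is_multipart():
            continue  # only leaf parts carry content
        name = (part.get_filename() or "").strip().lower()
        if name == IOC_FILENAME:
            hits["filename"] = True
        # Hash every leaf part: a renamed copy still matches on content.
        payload = part.get_payload(decode=True) or b""
        if hashlib.md5(payload).hexdigest() in md5_iocs:
            hits["md5"] = True
    return hits


def build_sample(subject: str, filename: str, data: bytes) -> bytes:
    """Constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("You have received a postcard.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    filler = b"constructed placeholder, not the real sample"
    print(triage(build_sample("Happy New Year", "postcard.exe", filler)))
```

A subject or filename hit without an MD5 hit is still worth quarantining, since a repacked attachment would carry a different hash.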
Dec 29th 2006