Security vendors have warned that the "Happy New Year" worm could catch employees returning from New Year's celebrations unawares, but believe the threat posed by the malware will soon pass.
The worm, which was first detected last last week, is sent as an email attachment called either postcard.exe or postcard.zip. If opened, it automatically sends itself to email addresses found on an infected computer. It is also "network aware", meaning it will try to infect all computers on a network.
The worm also turns off antivirus applications, can drop more malware, downloads code from the internet, and installs itself in the registry, making it harder to detect, according to security company Sophos.
Sophos saw a large spike in the number of infected emails on December 30 and 31, when the worm accounted for 93.6 percent of all infected email. However, over the past 24 hours the worm accounted for just four percent of all viruses in infected email.
Sophos said systems administrators should be aware that employees returning to work may inadvertently infect their machines if their antivirus has not yet updated.
Sophos has called the worm Dref V, but it is also known as Trojan-Downloader.Win32.Tibs.jy. The subject line of infected emails has been "Happy New Year!", but Sophos has also seen:
- Annual Fun Forecast!
- Baby New Year!
- Best Wishes For A Happy New Year!
- Fun 2007!
- Fun Filled New Year!
- Happiness And Continued Success!
- Happiness and Success!
- Happiness In Everything!
- Happy 2007!
- Happy Times And Happy Memories!
- May Your Dreams Come True!
- New Hopes And New Beginnings!
- New Year..Happy Year!
- Promises Of Happy Times!
- Raising A Toast To Happy Times!
- Scale Greater Heights!
- Sparkling Happiness and Good Times!
- Warm New Year Hug!
- Warmest Wishes For New Year!
- Welcome 2007!
- Wishing Your Happiness!
- Wishing You Happy New Year!
- Wish You Smiles And Good Cheer!
The attachment name could be any of the following:
- Postcard.exe
- postcard.ex
- Greeting Card.exe
- greeting card.exe
- Greeting Postcard.exe
- greeting postcard.exe
Tom Espiner reported for ZDNet UK from London
