Thanks go to the SIRT team at Kansas State University for the following notification

Four different emails with the following subjects are making the rounds this busy holiday season:

Shipping update for your order 254-78546325-658742

You have received A Hallmark E-Card!

Jessica would like to be your friend on hi5!

Your friend invited you to twitter!

This is a new form of Malware that email virus checkers seem unable to find, so beware.

There are three (somewhat) different attachments:



There are at least three different malicious executables in the zip files (note the numerous spaces in the file name before the “.exe” extension):

“attachment.pdf                              .exe”

“attachment.htm                             .exe”

“attachment.chm                            .exe”

What it does:

Harvests email addresses in address books and sends the same malicious emails to everyone – aka “mass mailing worm”

Modifies Windows  registry to run every time the computer boots

Copies itself to mounted file systems, including USB flash drives

Copies itself to common P2P file sharing folders, masquerading as enticing software downloads