new virus wave

[dra007]

Anyone else deluged with

Happy New Year

Received: from source ([208.18.50.47]) by exprod7mx86.postini.com ([64.18.6.14]) with SMTP;

Sat, 30 Dec 2006 23:17:51 PST

Received: from kia ([149.240.92.109]) by smumuk with Microsoft SMTPSVC(5.0.2195.6713); Sun, 31 Dec 2006 01:14:36 -0600

Message-ID: <4597635C.5040106[at]arbiltek.com>

Date: Sun, 31 Dec 2006 01:14:36 -0600

From: disapprove <gudujb[at]arbiltek.com>

User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)

MIME-Version: 1.0

To: [at]imap.pitt.edu

Subject: Happy New Year!

Content-Type: multipart/related;

boundary="------------080707030709030501020306"

X-pstn-levels: (S: 0.05549/98.86690 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )

X-pstnvirus: W32/Nuwar[at]MM

X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c

X-pstn-addresses: from <gudujb[at]arbiltek.com> forward (good recip) [3773/146]

--------------------------------------------------------------------------------

Date: Sun, 31 Dec 2006 01:14:36 -0600

From: disapprove <gudujb[at]arbiltek.com>

To: [at]imap.pitt.edu

Subject: Happy New Year!

Attachments:

application/x-msdownload; name="greeting postcard.exe"

virus containing e-mails?

[GraemeL]

virus containing e-mails?

Yes. It's been around for two or three days now.

Securiteam information.

SANS ISC information.

[dra007]

Thanks, interesting to note:

Kaspersky Lab has added detection on Thursday 28th Dec and several sources report about massive spam campaigns.

The size of the .exe varies but the subject line is always same. Maybe no need to mention that this malware tries to terminate the processes of several AV and firewall utilities.

...I have been getting a 50-60% increase in spam these days as well as doezens of viruses. Spammers must love me...Good thing postini defangs the e-mails before I even see them..

[Farelf]

Anyone else deluged with ...Happy New Year virus containing e-mails?

Yep, see my example in VirusTotal, Multiple AV scanner

[StevenUnderwood]

Anyone else deluged with Happy New Year virus containing e-mails?

I reported about a dozen of these this morning as caught by Postini. There is another thread around here with more information as well.

[daryn]

Thanks, interesting to note:

...I have been getting a 50-60% increase in spam these days as well as doezens of viruses. Spammers must love me...Good thing postini defangs the e-mails before I even see them..

My spam rates jumped from 80/day to 150/day in October with all the new pump and dumps

and slowly crawled up to 200+/day (about 10/hr) until today..

today I'm getting well over 30/hr..

so I presume I have graduated to the 500/day club..

Spammers are almost making email useless...

A parasite that kills the host is usually considered to be unsuccessful...

[dra007]

My spam rates jumped from 80/day to 150/day in October with all the new pump and dumps

and slowly crawled up to 200+/day (about 10/hr) until today..

today I'm getting well over 30/hr..

so I presume I have graduated to the 500/day club..

Spammers are almost making email useless...

A parasite that kills the host is usually considered to be unsuccessful...

Congratulations! I passed the 1000/day mark myself. A lot of the increase seems to be in russian originated or hosted spam, comparatively I see drop in the Chinese hosted spam...Perhaps they sold my address and moved on....