!New virus! Please be very carefully!

Today got new message:

from: secur@motorsportwarehouse.com

Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
addresses

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service

and attached file:

Update-KB6546-x86.zip

Pls be very carefully - this is new virus: Email-Worm.Win32.Warezov.bt
I send it to virus@avast.com

There has recently been a similar topic on this, http://forum.avast.com/index.php?topic=23762.0, different kb number but the same issue, regardless if you don’t receive an alert, never open attachments in unsolicited email. This is just good old deception, social engineering to get you to open the attachment, something that has been going on for years. This is just another trick.

Don’t open attachments or click links in unsolicited emails, even if you think they are from friends (the address can be forged), check, check, at worst you lose an email if you delete it and it can be sent again after checking if genuine.

Hi DavidR,

An extensive technical description of this e-mail here:
http://www.avira.com/en/threats/section/fulldetails/id_vir/2757/worm_warezov.q.1.html

polonus

I wasn’t so much talking in respect of the virus (as any virus could be bundled in this way) but, the use of deception or social engineering as a means to get you infected.

Especially since this worm, Win32.Warezov.bt isn’t new and should be detected by avast along with 222 other Win32.Warezov variants detected by avast.

DavidR,

if I make post, it’s mean, what at that moment Avast could not recognise this file like a virus. I have prof. edition of Avast, if I got new virus-file, of course I check my Avast data base first and check file again, if no results, I go to web-site and make on-line scan, if here are all clear, I make post to forum and send this file to avast. my posts - just global alert for all over users.

Thanks Larix. Hope Alwil improve detection of this :wink:

I appreciate that and for the same reasons I mentioned this is a common tactic that can be avoided. Don’t open attachments or click links in unsolicited emails, even if you think they are from friends (the address can be forged), check, check, at worst you lose an email if you delete it and it can be sent again after checking if genuine.

Unfortunately virus naming doesn’t have any standardisation so may differ from one anti-virus program to another, since Win32:Warezov-bt is in the avast database then whatever the other AV you detected it with (you didn’t say what that was ?) has the same/similar name but for a different variant of the Warezov family.

Hello you Larix,

Well there is so much malware around, that no single av scanner or total malware solution can catch up with them all, then there is FPs etc. So I feel almost obliged to add some extra scanning to one of the best residential scanners I know, that is avast of course. Personally I use the in-browser small av pre-hyperlink scanner of DrWeb’s to know I am will not be clicking the wrong hyperlink. I have the non-residential scanner that I run once a week from DrWebCureIt, and have the extra protection of the open software mom-residential and very frequently updated ClamWin scanner (not the fastests of beasts or the newest technology, but just the definitions that other run-of-the-mill av scanner do not have), then run the sweeps of ad-aware and SpySweeper to get the remaining spy-and adware, update my SpywareBlaster, I am done, and switch back to my normal user account. SafeXP tweaked my machine, feel as hug as a bug in a rug,

polonus