Information on the “Happy New Year” malware

Experts at SophosLabs have reminded computer users of the threat posed by unsolicited email following a large-scale worm outbreak over the new year holiday period. The W32/Dref-V email worm, first seen on 30 December, hit email systems hard in the last two days of 2006, posing as an electronic greeting celebrating the new year.

Using subject lines such as “Happy New Year!”, “Fun Filled New Year!” and “Happy 2007!”, the worm spread via email as a malicious executable attachment with names such as postcard.exe and Greeting Card.exe. This is the Sophos virus database listing for the W32/Dref-V worm:

W32/Dref-V is a virus for the Windows platform.

W32/Dref-V spreads to other network computers and via email.

W32/Dref-V includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Dref-V sends emails with the following characteristics:

Subject line: “Happy New Year!”
Message text:
Attached file: postcard.exe

Subject line: chosen from
“Annual Fun Forecast!”
“Baby New Year !”
“Best Wishes For A Happy New Year!”
“Fun 2007!”
“Fun Filled New Year!”
“Happiness And Continued Success!”
“Happiness and Success!”
“Happiness In Everything!”
“Happy 2007!”
“Happy Times And Happy Memories!”
“May Your Dreams Come True!”
“New Hopes And New Beginnings!”
“New Year..Happy Year!”
“Promises Of Happy Times!”
“Raising A Toast To Happy Times!”
“Scale Greater Heights!”
“Sparkling Happiness and Good Times!”
“Warm New Year Hug!”
“Warmest Wishes For New Year!”
“Welcome 2007!”
“Wishing Your Happiness!”
“Wishing You Happy New Year !”
“Wish You Smiles And Good Cheer!”
Message text:
Attached file: chosen from
Greeting Card.exe
greeting card.exe
Greeting Postcard.exe
greeting postcard.exe
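
The listing above can be turned into a mail-gateway check. The following is an added example, not Sophos code: it parses a raw message and matches its subject and attachment file names against the listed values, ignoring case and spacing. The function names, the sample messages and the quarantine/review/pass policy are assumptions made for illustration, and the article itself notes the attachment names are only examples ("names such as"), so a miss does not mean a message is clean.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the W32/Dref-V listing above.
SUBJECTS = (
    "Happy New Year!", "Annual Fun Forecast!", "Baby New Year !",
    "Best Wishes For A Happy New Year!", "Fun 2007!", "Fun Filled New Year!",
    "Happiness And Continued Success!", "Happiness and Success!",
    "Happiness In Everything!", "Happy 2007!", "Happy Times And Happy Memories!",
    "May Your Dreams Come True!", "New Hopes And New Beginnings!",
    "New Year..Happy Year!", "Promises Of Happy Times!",
    "Raising A Toast To Happy Times!", "Scale Greater Heights!",
    "Sparkling Happiness and Good Times!", "Warm New Year Hug!",
    "Warmest Wishes For New Year!", "Welcome 2007!", "Wishing Your Happiness!",
    "Wishing You Happy New Year !", "Wish You Smiles And Good Cheer!",
)
ATTACHMENTS = ("postcard.exe", "Greeting Card.exe", "Greeting Postcard.exe")

def norm(text):
    """Casefold and collapse whitespace so case/spacing variants compare equal."""
    return re.sub(r"\s+", " ", text or "").strip().casefold()

SUBJECT_SET = {norm(s) for s in SUBJECTS}
ATTACH_SET = {norm(a) for a in ATTACHMENTS}

def check_message(raw: bytes) -> dict:
    """Return which listed indicators a raw RFC 5322 message matches."""
    # policy.default decodes RFC 2047 encoded-word subjects before comparison.
    msg = message_from_bytes(raw, policy=policy.default)
    subject_hit = norm(msg["Subject"]) in SUBJECT_SET
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    hits = [n for n in names if norm(n) in ATTACH_SET]
    # Assumed triage policy: a listed attachment name is decisive; a listed
    # subject alone is only a weak signal, since real greetings reuse it.
    verdict = "quarantine" if hits else "review" if subject_hit else "pass"
    return {"verdict": verdict, "subject_hit": subject_hit, "attachments": hits}

def build_sample(subject, filename=None) -> bytes:
    """Build a constructed test message; the attachment bytes are inert filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed test body")
    if filename:
        m.add_attachment(b"inert constructed bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```
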
