We have received reports that a Kelvir Worm is currently being spammed with these email details.
Subject: WE GOT IT!!!!
From: freestuff@paris-hilton-fans.com
Reply-To: freestuff@paris-hilton-fans.com
Date: Wed, 07 Dec 2005 16:56:32 +0100
Body:
HEY WE GOT THE PRIVATE VIDEO!!!! YES PARIS HILTON!!! CLICK HERE TO DOWNLOAD IT ITS JUST THE BEST PART!!! WOW
The link actually goes to this url:
http://{blocked}/{blocked}hiltons_secret.zip
Which when analyzed is actually a kelvir worm.
It now seems that the AIM worm is now also being spammed, and is likely to propagate through email and Instant Messaging.
The file have already been submitted to the service team and is now awaiting detection.
Subject: WE GOT IT!!!!
From: freestuff@paris-hilton-fans.com
Reply-To: freestuff@paris-hilton-fans.com
Date: Wed, 07 Dec 2005 16:56:32 +0100
Body:
HEY WE GOT THE PRIVATE VIDEO!!!! YES PARIS HILTON!!! CLICK HERE TO DOWNLOAD IT ITS JUST THE BEST PART!!! WOW
The link actually goes to this url:
http://{blocked}/{blocked}hiltons_secret.zip
Which when analyzed is actually a kelvir worm.
It now seems that the AIM worm is now also being spammed, and is likely to propagate through email and Instant Messaging.
The file have already been submitted to the service team and is now awaiting detection.
Update (Jovs, 12 December 2005 18:32:08)
This will be detected as WORM_KELVIR.DH.