Sophos users protected against Happy New Year malware

January 02, 2007 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded computer users of the threat posed by unsolicited email following a large scale worm outbreak over the new year holiday period.

The W32/Dref-V email worm, first seen on 30 December, hit email systems hard in the last two days of 2006 posing as an electronic greeting celebrating the new year.

With subject lines such as "Happy New Year!", "Fun Filled New Year!" and "Happy 2007!" the worm spread via email with a malicious executable attachment (called names such as postcard.exe and Greeting Card.exe).

A typical email sent by the Dref-V worm
A typical email sent by the Dref-V worm.

"The hackers responsible for this attack were clearly hoping that users would be too distracted by new year celebrations to remember computer security common sense," said Graham Cluley, senior technology consultant for Sophos. "Everyone should be suspicious of unsolicited email attachments, and ensure that their PC defenses - including their anti-virus protection - are in place and up-to-date."

Sophos Anti-Virus users have been protected against W32/Dref-V since 03:04:20 GMT on 30 December 2006.

Sophos experts note that this is not the first occasion on which hackers have exploited new year festivities to try and spread their malware. Two years ago another worm, Wumark-D, distributed itself in an unusual Happy New Year message in the form of a photograph of naked bodies.

Sophos recommends that all computer users should ensure that they are running an automatically updated anti-virus product, security patches and firewall software.