Sophos users protected against Happy New Year malware

Sophos Press Release

Dref-V email worm spreads malicious greeting

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded computer users of the threat posed by unsolicited email following a large-scale worm outbreak over the new year holiday period.

The W32/Dref-V email worm, first seen on 30 December, hit email systems hard in the last two days of 2006, posing as an electronic greeting celebrating the new year.

With subject lines such as "Happy New Year!", "Fun Filled New Year!" and "Happy 2007!", the worm spread via email carrying a malicious executable attachment (with names such as postcard.exe and Greeting Card.exe).

A typical email sent by the Dref-V worm

"The hackers responsible for this attack were clearly hoping that users would be too distracted by new year celebrations to remember computer security common sense," said Graham Cluley, senior technology consultant for Sophos. "Everyone should be suspicious of unsolicited email attachments, and ensure that their PC defenses - including their anti-virus protection - are in place and up-to-date."

Sophos Anti-Virus users have been protected against W32/Dref-V since 03:04:20 GMT on 30 December 2006.

Sophos experts note that this is not the first occasion on which hackers have exploited new year festivities to try to spread their malware. Two years ago another worm, Wumark-D, distributed itself in an unusual Happy New Year message in the form of a photograph of naked bodies.

Sophos recommends that all computer users should ensure that they are running an automatically updated anti-virus product, security patches and firewall software.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at