Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

'Happy New Year' Worm Gains Ground

The "Happy New Year" worm-carrying spam that first appeared last week accounted for 12% of all e-mail traffic over the weekend and continues to spread, antivirus vendors said Tuesday.

The worm, dubbed "Tibs" by Kaspersky Lab but also known as a "Nuwar" variant (Trend Micro) and "Mixor.q" (Symantec), appears as a file attachment named "postcard.exe" in messages with "Happy New Year" subject headings. Users who launch the executable will infect their PCs with rootkits, keyloggers, and other malware.

Israeli security company Commtouch reported that at times on Friday, Dec. 29, Tibs-infected messages made up nearly 12% of all e-mail sent worldwide. Rival F-Secure, meanwhile, said its data pegged the worm as accounting for 16.9% of all malicious messages, easily outdistancing long-running champs such as MyDoom and Mytob.

"This outbreak ushered out 2006 with a bang," said Haggai Carmon, Commtouch VP of products, in a statement Tuesday. "During 2006, a growing number of massive server-side polymorphic outbreaks swarmed the Internet and successfully maintained a sizable lead of several hours to weeks ahead of traditional signature-based solutions.

"What makes them so unique is that they are released in a large number of distinct and short-lived variants, making it impossible to generate one signature or heuristic rule to effectively protect against them [so] malware writers maximize their chances of infecting the largest number of machines," Carmon said.

  • 1