Mass Mailing Worm Greets the New Year

The Dref-V mass-mailing worm is without a doubt the malware star at the debut of 2007. The long time dormant Dref-V made a comeback at the end of 2007, and has taken the charts by storm. According to data released by security company Sophos, the The Dref-V mass-mailing worm has been pushed at the top of malware charts by the spread of two different variants.

"The Dref-V mass-mailing worm, which poses as a New Year e-card, was discovered on December 30, 2006, and by the following day accounted for 93.7% of infected emails. As a result, Dref - which was first seen in July 2005 - has knocked last month's main offender Stratio (also known as Stration) off the top of the chart. Stratio, currently in fourth place, now accounts for just 7.8% of the total," revealed Sophos.

The emails that spread the worm have "Happy New Year!", "Fun Filled New Year!" and "Happy 2007!" for subject lines and contain attachments labeled postcard.exe and Greeting Card.exe. This is an example of social engineering at its best. The attackers have speculated the holiday season in order to spread the worm.

"Dref has been spammed out far and wide in the last few days, and there's a danger that in the rush to get through the backlog of holiday emails, people might return to work and accidentally launch the malicious attachment," said Carole Theriault, senior security consultant at Sophos. "Its social engineering tactics are not new, so most businesses should have adequate defenses in place to tackle the worm. Having spread for only two days during the entire month, it is astonishing that Dref has secured the top position for most widespread piece of malicious code."