Happy New Year virus breaks out

Share this article:

Spammers celebrated the New Year with a "Happy New Year!" e-mail virus attack, reports e-mail security firm Commtouch.

The "Happy New Year!" malware attack broke out in the final days of 2006 and is still in progress. The virus is comprised of distinct, low-volume variants, which were released from multiple sources simultaneously over several short time intervals.

"What was unique about this virus was the sheer quantity of variants on the virus," said Rebecca Steinberg Herson, senior director of marketing at Commtouch, Mountain View, CA. "Ten to 12 months ago you'd see a couple of variants on viruses. This one we saw 3,262 variants in 65 hours."

Commtouch identified and blocked 3,262 distinct variants during the first 65 hours of "Happy New Year!" virus activity, and there were at least three time periods on Dec. 29 when the virus accounted for nearly 12 percent of all global Internet e-mail traffic.

The same day, Commtouch tracked 842 distinct variants that were released to the Internet during a single five-minute period.

The virus was sent from multiple sources in a format that appears to be a New Year's greeting, in order to entice users to open and click on the attachment. Subject lines of the messages include, "Happy New Year!" and "Happy 2007!" and sample attachment filenames include postcard.txt, postcard.exe, or greeting card.txt.

If a user opens the attached file, the virus attempts to shut down the PC's security programs, scans for e-mail addresses to send out copies of itself and installs various malicious programs that, among other things, turns the computer into a spam zombie.

"The e-mail took advantage of the New Year's holiday," Ms. Steinberg Herson said. "I guess the writers of the virus wanted to take advantage of the holiday mood where more people would open the unknown e-mail thinking that they were getting greetings from friends."

This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization. Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions