According to VeriSign’s iDefense rapid response team, the worm can be activated by clicking on a postcard.exe file and will then execute mass emails to other computers with its bogus message of cheer.
VeriSign, which so far has tracked the worm to 160 different email domains, is concerned that because of the worms greeting of holiday cheer, it has a better chance of being activated by users who are not paying attention.
The worm, referred to as a “rootkit cloaked” form of malware, can disable Windows firewalls and several different types of security programs. It contains malicious code variants Tibs, Nwar, Banwarum and Glowa.
The worm is being nicknamed “Tibs” by several security firms, including Kaspersky Lab, and VeriSign is calling the threat “significant.”
VeriSign has issued a warning to be wary of any incoming email that is not identifiable as being from known sources.
