Once again an e-mail worm with the title ‘Happy New Year’ is making the
VeriSign’s iDefense security unit is reporting on the emergence of a 2007
variant Happy New Year worm. According to Ken Dunham, director of the Rapid
Response Team at iDefense, the Happy New Year worm is being heavily seeded at
a rate of up to five e-mails per second.
To achieve the rapid seed rate, iDefense
has estimated that there are more than 160 e-mail servers currently sending
the maliciously intentioned New Year’s greeting.
Like many worms, user interaction is required in order for any harm to
occur. Clicking on the message will result in two rootkits being installed on the victim’s machine.
The rootkits serve to protect malicious code variants from a number of
different worm-code families. The victimized PC can then be turned
into a host for spamming the Happy New Year worm to others.
“The period of greatest risk is through the New Years holiday, when
antivirus protection is the lowest for this new threat and users are most
apt to click on a ‘New Year’s’ related message,” Dunham said. “Everyone
should be on guard for e-mails and other content potentially harboring
malicious code during the holiday period.”
The 2007 Happy New Year worm is called Luder.A by antivirus vendor F-Secure,
which has also issued an advisory on the worm.
Whatever the technical name is for the 2007 Happy New Year worm, it is
neither the first (nor likely the last) worm to be called “Happy
As far back as 1999, potential “Happy New Year” e-mail threats have been circulated on the Internet. One 1999 threat was
labeled as a hoax by security vendor Symantec.
But hoax or not, worm or virus, malicious “Happy New Year” e-mails have existed in one form or another. Looks like when it comes to e-mail threats in 2007, they’re going to party like it’s 1999.