New Nuwar for Christmas

At midnight GMT time, we started receiving reports of a new wave of Nuwar e-mails.  The e-mails contain the following text trying to convince a user into visiting a malicious website:

 

 

This Christmas, we want to show you something you will really enjoy.

This might not be fun for the whole family, but I bet you’ll like it come one take 2 min and check it out.

http://<malicious website address/

 

 

The advertised website uses software exploits to infect visitors.  It also offers visitors a strip show application where “Each one does her best to make you really feel the Holiday Spirit!”

 

This new variant of Nuwar will copy itself to the Windows directory under the name disnisa.exe and create a registry key to launch the executable every time the system boots.  This threat is still using a peer-to-peer network protocol to establish communication between infected computers and their controller.

 

Pierre-Marc Bureau

Researcher

Author Pierre-Marc Bureau, ESET

3 Responses to “New Nuwar for Christmas”

  1. Valdo says:

    Did ThreatSense detect this malware ? What’s its name in virus database ?

  2. Randy Abrams says:

    I’ll have to check on that and get back to you. since we call the “storm worm” Nuwar it is probably being detected as a Nuwar of some type.

    Randy Abrams
    Director of Technical Education

  3. Hi,

    ThreatSense does detect this malware and it is labeled Nuwar.

    There was another spam run yesterday related to the new year and we also detect this variant as Nuwar.

Leave a Reply

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
24 Dec 2007
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.