Nuwar for Valentine’s Day

It shouldn’t be a surprise to anyone that the Nuwar gang has released a new version of their social engineering scam for Valentine’s Day; they are just a bit early.

The gang has started again sending spam messages with subjects related to love.  The body of the e-mails contains a short message and a link to a host infected with Nuwar that serves new variants.  The new design of the website looks like the following screenshot.

 

 

The latest variants are detected as Nuwar.BH and the file name we have seen so far is withlove.exe.  This malware installs its configuration file and a system driver in the system32 folder.  Both file names begin with “burito” followed by random characters.

 

Pierre-Marc Bureau

Researcher

Author Pierre-Marc Bureau, ESET

  • http://jameseo.com James Harrison

    That’s sucks malwarers are creating files that I can easily endup at, putting viruses on my computer. My friend just got a similar virus on his computer similar to that love virus some years back.

    Could the basic $39.99 antivirus subscription fight viruses just created in the past year?

    Thanks

  • Randy Abrams

    It is impossible to say if everything in the past year is detected as some threats may not have been discovered. Additionally, some threats have limited lives and adding detection after the fact does not increase security. No antivirus is 100%. To be protected you need to compliment antivirus software with other layers of security. Computer security education is your friend as well!

    Randy Abrams
    Director of Technical Education

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
15 Jan 2008
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.