New Nuwar for Christmas

At midnight GMT time, we started receiving reports of a new wave of Nuwar e-mails.  The e-mails contain the following text trying to convince a user into visiting a malicious website:

This Christmas, we want to show you something you will really enjoy.

This might not be fun for the whole family, but I bet you’ll like it come one take 2 min and check it out.

http://<malicious website address/

The advertised website uses software exploits to infect visitors.  It also offers visitors a strip show application where “Each one does her best to make you really feel the Holiday Spirit!”

This new variant of Nuwar will copy itself to the Windows directory under the name disnisa.exe and create a registry key to launch the executable every time the system boots.  This threat is still using a peer-to-peer network protocol to establish communication between infected computers and their controller.

Pierre-Marc Bureau

Author Pierre-Marc Bureau, ESET

  • Valdo

    Did ThreatSense detect this malware ? What’s its name in virus database ?

  • Randy Abrams

    I’ll have to check on that and get back to you. since we call the “storm worm” Nuwar it is probably being detected as a Nuwar of some type.

    Randy Abrams
    Director of Technical Education

  • Hi,

    ThreatSense does detect this malware and it is labeled Nuwar.

    There was another spam run yesterday related to the new year and we also detect this variant as Nuwar.

Follow us

Copyright © 2017 ESET, All Rights Reserved.