Feb 6, 5:13 pm (UTC-7) | by Rainer Link (Senior Threat Researcher)
A new WORM_NUWAR.CQ variant (filename: postcard.exe, 50,648 bytes) has been spreading since last night. This worm has been detected since CPR 4.250.01. Once again, fake bills with the subject “KD Webshop Bestellung” are being seeded. Attached is the file “rechnung.exe” (file size: 8.522 bytes), which is detected by IntelliTrap as PAK_Generic.001. Detection will be available in the upcoming CPR as TROJ_YABE.BK. Fake “1&1” bills are being seeded, too. The attachment name is “rechnung.zip.exe” (file size: 7.016 bytes), which will be detected as TROJ_YABE.BL. As usual, don’t click on .exe files and, if possible, block .exe files in general on your email server or gateway.
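
One way to apply the gateway advice above, as an added example that is not from the original post: a Python check that flags attachments whose final extension is .exe (so “rechnung.zip.exe” is not mistaken for a ZIP) or whose content starts with the MZ executable header. The function names, the extension set and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The post recommends blocking .exe; extend this set per local policy (assumption).
BLOCKED_EXTENSIONS = {".exe"}


def blocked_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment a gateway should reject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so drop them before
        # reading the extension. Only the final extension counts:
        # "rechnung.zip.exe" is an .exe, not a .zip.
        trimmed = name.rstrip(" .")
        ext = "." + trimmed.rsplit(".", 1)[-1].lower() if "." in trimmed else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension " + ext))
        elif payload[:2] == b"MZ":
            # DOS/PE executables start with "MZ"; this catches an executable
            # that was renamed to a harmless-looking extension.
            findings.append((name, "executable content (MZ header)"))
    return findings


def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message; the attachment bytes are harmless placeholders."""
    m = EmailMessage()
    m["Subject"] = "KD Webshop Bestellung"
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content("Constructed sample body.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fname, data in [("rechnung.zip.exe", b"MZ constructed"),
                        ("rechnung.pdf", b"MZ constructed"),
                        ("rechnung.pdf", b"%PDF-1.4 constructed")]:
        print(fname, blocked_attachments(build_sample(fname, data)))
```

Checking the content as well as the name matters because a filename filter alone is bypassed by simply renaming the attachment.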
This entry was posted on Tuesday, February 6th, 2007 at 5:13 pm and is filed under Uncategorized.