Subscribe to RSS feeds


Sep4
by Paul Oliveria (Technical Communications)

NUWAR has spawned yet another variant last Labor Day when email messages purporting to be eCards related to the said holiday circulated. TrendLabs has received samples that have such subjects as “A Labor Day E-Card” or “The Big Labor Day Weekend.”

The tactic is still the same: a link to the supposed eCard is given, and unsuspecting users who click on the link are redirected to a Web page that displays the following image:

labor.jpg

Once the image is clicked, a NUWAR variant detected as WORM_NUWAR.AQK is downloaded onto affected machines. Adding insult to injury is TROJ_TIBS.ANF, which, upon accessing the said page, is downloaded automatically via certain browser vulnerabilities. Both malware are already detected by Trend Micro with the latest pattern file.

It’s interesting to note that after recent makeovers, the NUWAR/ZHELATIN/Storm family has undergone in the past weeks — from BETA testing software to YouTube — it went back to sending eCard greetings. Then again, given the “success” of the 4th of July greetings a couple of months ago, it looks like it’s banking on the idea that holidays and celebrations in general are tantamount to lax security and increased user gullibility. Which is, admittedly, usally the case…

Data and initial analysis provided by Robert McArdle of TrendLabs EMEA



This entry was posted on Tuesday, September 4th, 2007 at 5:35 am and is filed under Security . Responses are closed, but you can trackback from your own site.



Comments are closed.


The Fine Line
Phish shores up in Japan


 
TrendWatch Hijack This Security Tips for Consumers
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
Glossary of Threat Terms

 
© Copyright 2008 Trend Micro Inc. All rights reserved. Legal Notice