Subscribe to RSS feeds


Jul9
by David Sancho (Threats Analyst)

It seems like the same group responsible for spamming the malicious eCard greetings are also active with an old virus social trick, the “You’re Infected!” email. In this case, attackers are lazy enough to spam both the eCard and “You’re Infected!” emails with the same exact infectious links. This looks quite odd for unsuspecting users when the link for the eCard is “patch.exe”. The text has been very sloppily made too, announcing how there is a patch that can fix worms.

WORM_NUWAR.HC email sample

In any case, we recommend never to click on links from emails, especially the ones that download executables. These ones are being detected by Trend Micro as WORM_NUWAR.HC.



This entry was posted on Monday, July 9th, 2007 at 5:01 am and is filed under Security . Responses are closed, but you can trackback from your own site.



No Responses to “Postcards or patches?”

  1. Anti Rootkit Blog » Blog Archive » Abnormal activity from your IP…yeah sure Says:
    July 9th, 2007 at 8:53 am

    [...] References: 4th of July Ecard Postcards or patches? [...]


HijackThis version 2.0.2 available now
And a voice said, “You has been infected”


 
TrendWatch Hijack This Security Tips for Consumers
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
Glossary of Threat Terms

 
© Copyright 2008 Trend Micro IncAll rights reserved. Legal Notice