Jul9
5:01 am (UTC-7)   |   by David Sancho (Malware Researcher)

It seems like the same group responsible for spamming the malicious eCard greetings are also active with an old virus social trick, the “You’re Infected!” email. In this case, attackers are lazy enough to spam both the eCard and “You’re Infected!” emails with the same exact infectious links. This looks quite odd for unsuspecting users when the link for the eCard is “patch.exe”. The text has been very sloppily made too, announcing how there is a patch that can fix worms.

WORM_NUWAR.HC email sample

In any case, we recommend never to click on links from emails, especially the ones that download executables. These ones are being detected by Trend Micro as WORM_NUWAR.HC.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Monday, July 9th, 2007 at 5:01 am and is filed under Security . Responses are closed, but you can trackback from your own site.



No Responses to “Postcards or patches?”

Trackbacks

  1. Anti Rootkit Blog » Blog Archive » Abnormal activity from your IP…yeah sure

HijackThis version 2.0.2 available now
And a voice said, “You has been infected”


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice