A new WORM_NUWAR.CQ variant (filename: postcard.exe, 50,648 bytes) is spreading since yesterday night. This worm is detected since CPR 4.250.01. Once again, faked bills with the subject “KD Webshop Bestellung ” are seeded. Attached is the file “rechnung.exe” (file size: 8.522 bytes), which is detected by IntelliTrap as PAK_Generic.001. Detection will be available in the upcoming CPR as TROJ_YABE.BK. Faked “1&1″ bills are seeded, too. Attachment name is “rechnung.zip.exe” (file size: 7.016 bytes), which will be detected as TROJ_YABE.BL. As usual, don’t click on .exe files, and, if possible block .exe files in general on your email server or gateway.
Share this article