Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    5:51 am (UTC-7)   |    by

    Yes, WORM_NUWAR’s at it again and this time around it is using image spam tactics. Spammed messages related to this variant, detected by Trend Micro as WORM_NUWAR.EN, have message bodies in GIF format. The number of image spam dramatically rose late last year when spammers realized how effective using images can be in evading email content filters. WORM_NUWAR.EN may be capitalizing on this effectivity to expand its already versatile spamming repertoire.

    Another thing notable for this paticular Nuwar is its availability on several IP addresses, most of which are .HK (Hong Kong) domains. Usual file name of the executable is ECARD.EXE. Its cherry topping, however, is a rootkit capability that enables it to hide its network activities.

    Where as WORM_NUWARs, in general, usually bank on their social engineering skills to carry out effective attacks, this latest iteration saw to taking Nuwar’s technical chops to another level. Yes, WORM_NUWAR is indeed at it again and it’s hitting on different areas that’re still sure to hurt.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice