Jump to content

Worm detected!


Recommended Posts

The subject was Worm detected! and sure enough, as advertized, a worm was enclosed (in removal-77320.rar, truncated in the foregoing). Well, I thought it was worth a sardonic grin.

Malicious worm detected! No, really! says Trend Micro - naming it (or a near relative) WORM_NUWAR.AOP. Of the 31 AV apps at Virus Total, only McAfee found anything (W32/Nuwar[at]MM!rar) in the base64 encoded form in which it was transmitted. NAV found nothing.

"My" version, size and hashes:

size: 68481

md5.: 7dc509c2785c7e28623c3f4a348f8907

sha1: e43c3c52a9e068261aa1317dfb68d1a96e6c886d

Quite an unconvincing effort really - the little gif before the payload is in Courier font (faux plain text) with the following sage advice

Dear Customer,

Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have official patches at the moment. We recommend you to install this patch to remove worm files and stop email sending, otherwise your account will be blocked. We archived the patch because the worm can modify unpacked exe files. You have to open archive file, enter password and run patch immediately.

Password: top01

Customer Support Center Robot.

Customer? Spelling? Grammar? I'm sure they'll get better. Then they just have to convice us to open files from people of whom we've never heard. And they imagine a good proportion of us would either not see the notice was an image or fail to recognize the significance if we did see. How lame. Yet some fall for it, apparently.
Link to comment
Share on other sites

Then there's this to look forward to - Storm Worm marries malware and spam

Spammers have decided to kill two birds with one spam: The stock-touting e-mail messages regularly sent out by spam-focused bot nets have started to include links to malicious code, according to a report published Wednesday by e-mail security firm MessageLabs.

The criminal groups responsible for the spam appear to believe that recipients of the e-mail may click on a Web link, even if they don't buy the stock touted by the e-mail message. In the past 10 days, MessageLabs has only detected about 3,500 of the messages, so the spammers may be testing to waters to see how often the scam works, said Mark Sunner, chief technology officer for the company. ...

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...