Nuwar Storm Comes Back for Valentine's Day
According to Internet security provider McAfee Avert Labs, on January 14, 2008, the Nuwar gang came up with the latest edition of its social engineering scam, this time for Valentine's Day.
The gang has again started to send spam mails with subjects linked to love and romance. Each mail carries a short message and a link to a Nuwar-infected host that serves new variants.
The new variants are detected as Nuwar.BH, with the file name withlove.exe. This malicious file downloads its configuration file together with a system driver into the system32 folder. The names of both files start with "burrito", followed by some random characters.
Users received mails with Valentine themes, namely "Sending You My Love", "I Dream Of You" and "For You My Love", and the content directs them to click a typical Nuwar-style link of the form http://some.numeric.address. On clicking the link or the image of a heart, with_love.exe gets installed on the system.
The Nuwar storm was first created in late 2006, with subjects such as the death of the US President. Its social engineering techniques take advantage of real-life events like Labor Day, the National Football League season, the Kyrill storm in Central Europe in January 2007, Halloween and holidays including July 4, 2007. While Nuwar infections are worldwide, the US still remains the attackers' hotspot. Almost 28% of the total Internet Protocol (IP) addresses from which Nuwar-related spammed mail messages originated are based in the US.
The authors of Nuwar have tried various methods to evade detection, such as embedding the malware in a password-protected .ZIP or .RAR archive or using .GIF images (WORM_NUWAR.EN) in the body of the spammed mail messages.
The Nuwar threat has consistently grown in response to various detection techniques, while remaining based on standard social engineering. Various potential applications of the STORM/NUWAR botnet, like large-scale identity theft, can prove to be more attractive to the owners of botnets and even more damaging for users and enterprises.
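The traits described above (the three subject lines, a link whose host is a bare numeric address, and the with_love.exe / "burrito" file names) can be turned into a simple triage check. The following is an added example, not code from McAfee or from the original article; the function names, the sample messages and the `.sys` file name are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# Subject lines quoted in the article, lower-cased for comparison.
LURE_SUBJECTS = {"sending you my love", "i dream of you", "for you my love"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# File names from the article: both spellings of the dropper, and "burrito" + random characters.
DROPPED_RE = re.compile(r"^(with_?love\.exe|burrito.+)$", re.IGNORECASE)

# Constructed samples (not real captures); 192.0.2.10 is a documentation address.
SAMPLE_LURE = "From: a@example.org\nSubject: I Dream Of You\n\nA card for you: http://192.0.2.10/\n"
SAMPLE_BENIGN = "From: b@example.org\nSubject: Lunch on Friday?\n\nMenu: https://example.com/menu\n"


def numeric_host_links(body):
    """Return the URLs in body whose host is a bare IP address, not a DNS name."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:  # host is a name, or the URL is malformed
            continue
        hits.append(url)
    return hits


def triage_mail(raw):
    """Check one raw message for the two lure traits; score is 0, 1 or 2."""
    msg = message_from_string(raw)
    subject = " ".join((msg.get("Subject") or "").lower().split())
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    links = numeric_host_links(body)
    hit = subject in LURE_SUBJECTS
    return {"subject_match": hit, "ip_links": links, "score": int(hit) + int(bool(links))}


def suspicious_files(names):
    """Filter a directory listing (e.g. of system32) for the file names described."""
    return [n for n in names if DROPPED_RE.match(n)]


if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(triage_mail(sample))
    print(suspicious_files(["burritoa1b2.sys", "kernel32.dll", "with_love.exe"]))
```

Because the subject lines change with every campaign, the numeric-host link is the more durable of the two mail signals; the `burrito.+` pattern is deliberately broad and will need review of its matches.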
» SPAMfighter News - 01-02-2008