NUWAR is at it again. It has tweaked its technique one more time.
Last week, WORM_NUWAR.AOP was found arriving as a file contained in a password-protected ZIP archive, an attempt to evade file scanning. The password to the archive is in an image used as the message body, an attempt to evade anti-spam technology. While NUWAR is known for its distinct social engineering schemes (either sensational email messages about war or love, or incredibly timely email details), WORM_NUWAR.AOP had an interesting scheme of its own. It used email messages posing as a notification from an antivirus company. “Worm Detected!” the email message declared.
Apart from the specific detection for the file within the archive, Trend Micro also detects the malicious password-protected ZIP file as WORM_NUWAR.ZIP.
Now, a new NUWAR variant is making the rounds contained in a password-protected RAR archive. Detected by Trend Micro as WORM_NUWAR.AOS, the worm was spammed using email messages that continue what WORM_NUWAR.AOP started, albeit with a wider scope: the email messages now also declare “Virus Detected!” and “Spyware Detected”, among others. As with WORM_NUWAR.AOP, the message body is an image file. Trend Micro detects the malicious password-protected RAR archive as WORM_NUWAR.RAR. WORM_NUWAR.AOS, however, was clearly spammed, because its own propagation routine uses email messages that NUWAR has been associated with: messages of love, such as “For You….My Love” and “I Love Thee”. Like several of its predecessors, on execution WORM_NUWAR.AOS drops NUWAR’s partner-in-crime, TROJ_SMALL.EDW, known for creating a P2P-based connection between all affected computers, forming a link that ultimately assists NUWAR in its own pump-and-dump spam attack.
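The delivery pattern described above, an encrypted archive attached to a message whose body is only an image, can be checked at a mail gateway without knowing the password. The following is an added example, not Trend Micro's detection logic: the function names and the sample message are constructed for illustration, and it covers the ZIP case only, not RAR.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(i.flag_bits & 0x1 for i in zf.infolist())
    except zipfile.BadZipFile:
        return False

def assess(raw: bytes) -> dict:
    """Flag mail that pairs an encrypted ZIP with an image-only body."""
    msg = message_from_bytes(raw, policy=policy.default)
    image = text = enc_zip = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        if body.startswith(b"PK\x03\x04"):      # sniff content, not the MIME type
            enc_zip = enc_zip or zip_is_encrypted(body)
        elif part.get_content_maintype() == "image":
            image = True
        elif part.get_content_maintype() == "text" and body.strip():
            text = True
    return {"encrypted_zip": enc_zip, "image_only_body": image and not text,
            "suspicious": enc_zip and image and not text}

def constructed_sample(encrypted: bool, with_text: bool) -> bytes:
    """Build a harmless test message; all names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.txt", "constructed sample")
    z = bytearray(buf.getvalue())
    if encrypted:                               # set bit 0 in local + central headers
        z[6] |= 1
        z[z.find(b"PK\x01\x02") + 8] |= 1
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    if with_text:
        msg.set_content("constructed plain-text body")
    msg.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image", subtype="png",
                       disposition="inline")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(assess(constructed_sample(encrypted=True, with_text=False)))
```

The encryption flag is readable from the archive headers even though the contents are not, so a gateway can act on the combination of signals when it cannot scan the payload itself.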
With the release of WORM_NUWAR.AOS, it doesn’t look like NUWAR is letting up any time soon. In just a few months, it has shown an interesting pattern of social engineering tactics. Its authors seem to be always watching [...]
Read more at Eric Avena