Year ends with festive worm barrage

Infected 'Happy New Year' messages spread widely.

2006 came to a close with a deluge of emails carrying wishes of peace and joy, but a sizeable proportion of them had a nasty hidden agenda. After several trojans posed as Christmas puzzles or slideshows, a major spam wave with subject lines including 'Happy New Year' and variations on the theme carried a new worm to the top of many prevalence charts in a matter of days.

The worm, variously classed as 'Mixor', 'Dref', 'Luder' or 'Nuwar', aims to lull recipients left off-guard by the mood of the festive season into opening an attachment disguised as a greetings card. Once run, it infects the system, trying to disable anti-virus software and harvesting email addresses for further propagation, as well as dropping a variant of the Tibs downloader trojan, which then acquires further components. The downloaded content is believed to have varied considerably over the period of maximum propagation, with some reports suggesting a stock scam was the main aim of the campaign.

The spreading of the worm began a few days before the new year, and built rapidly, making up 95% of malware detections on New Year's Eve, according to some estimates. The total of infections is expected to place the worm at the top of December prevalence tables despite the late appearance. After dying down considerably with the start of 2007, reports continue to arrive of further infections as users return to their inboxes.

Users are as always advised to refrain from opening executable attachments; further details of the worm are available from F-Secure, Sophos, Symantec or Trend Micro.

04 January 2007

Tags: del.icio.us digg this