Year ends with festive worm barrage
Infected 'Happy New Year' messages spread widely.
2006 came to a close with a deluge of emails carrying wishes of peace and joy, but a sizeable proportion of them had
a nasty hidden agenda. After several trojans posed as Christmas puzzles or slideshows, a major spam wave with subject
lines including 'Happy New Year' and variations on the theme carried a new worm to the top of many prevalence
charts in a matter of days.
The worm, variously classed as 'Mixor', 'Dref', 'Luder' or 'Nuwar', aims to lull recipients left off-guard by the
mood of the festive season into opening an attachment disguised as a greetings card. Once run, it infects the system,
trying to disable anti-virus software and harvesting email addresses for further propagation, as well as dropping a
variant of the Tibs downloader trojan, which then acquires further components. The downloaded content is believed
to have varied considerably over the period of maximum propagation, with some reports suggesting a stock scam
was the main aim of the campaign.
The spreading of the worm began a few days before the new year, and built rapidly, making up 95% of malware detections
on New Year's Eve, according to some estimates. The total of infections is expected to place the worm at the top of
December prevalence tables despite the late appearance. After dying down considerably with the start of 2007, reports
continue to arrive of further infections as users return to their inboxes.
Users are as always advised to refrain from opening executable attachments; further details of the worm are available
from F-Secure,
Sophos,
Symantec or
Trend Micro.
04 January 2007
Tags:
del.icio.us 
digg this
