Year ends with festive worm barrage

Infected 'Happy New Year' messages spread widely.

2006 came to a close with a deluge of emails carrying wishes of peace and joy, but a sizeable proportion of them had a nasty hidden agenda. After several trojans posed as Christmas puzzles or slideshows, a major spam wave with subject lines including 'Happy New Year' and variations on the theme carried a new worm to the top of many prevalence charts in a matter of days.

Advertise on www.virusbtn.com

The worm, variously classed as 'Mixor', 'Dref', 'Luder' or 'Nuwar', aims to lull recipients left off-guard by the mood of the festive season into opening an attachment disguised as a greetings card. Once run, it infects the system, trying to disable anti-virus software and harvesting email addresses for further propagation, as well as dropping a variant of the Tibs downloader trojan, which then acquires further components. The downloaded content is believed to have varied considerably over the period of maximum propagation, with some reports suggesting a stock scam was the main aim of the campaign.

The spreading of the worm began a few days before the new year, and built rapidly, making up 95% of malware detections on New Year's Eve, according to some estimates. The total of infections is expected to place the worm at the top of December prevalence tables despite the late appearance. After dying down considerably with the start of 2007, reports continue to arrive of further infections as users return to their inboxes.

Users are as always advised to refrain from opening executable attachments; further details of the worm are available from F-Secure, Sophos, Symantec or Trend Micro.

04 January 2007

Tags:    del.icio.us  digg this! digg this

Quick Links



Poll

When do you install software updates?
As soon as they are released
As soon as I have some time
I take my time, but I always install them eventually
Only when I feel it is absolutely necessary
Never
Leave a comment
View 12 comments

Jobs Recruit Sidebar

Twitter Feed

virusbtn: RT @emailsecmatters: The typical spam message has sources as diverse as the spam lunch meat: http://ht.ly/2yucd
2 hours ago


virusbtn: Can anyone write a rap about our RAP tests (http://bit.ly/255ySQ) and submit it to the Symantec competition http://bit.ly/bOJg8r
6 hours ago


VB2010

VB2010 VB2010 will take place 29 September - 1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada.
Virus Bulletin currently has 208,224 registered users.