PandaLabs has detected the presence of emails containing Nuwar.B, a new variant of the Nuwar family of worms. This malicious code uses the New Year as a ruse to infect computers. However, oddly enough, this is not a malicious code designed to cause an epidemic or damage computers but to artificially drive up certain prices on the stock market.
Nuwar.B reaches computers in a message with the subject Happy New Year! The message text is blank, and includes a file with the name postcard.exe, which contains the worm. Also, in order to gain credibility, it spoofs the sender’s address, pretending to come from various users.
If the target user runs the attached file, Nuwar.B copies itself to the system and downloads a copy of the Spammer.EN Trojan to the computer. The Trojan then connects to certain email servers in order to send out spam to the addresses it finds on the affected system. This spam contains publicity trying to convince users to buy certain stocks to increase their price rapidly.
Everything seems to indicate that the creator(s) of Nuwar.B have sent out the worm as spam, manipulating certain email servers in an attempt to distribute it as quickly as possible. The proactive TruPrevent Technologies have detected Nuwar.B without prior identification, so computers that have them installed have been protected from the outset
According to Mikel Perez, Director of the Malware Detection Department, “This is just another turn of the screw in the field of cyber-crime. In this case we see how an email worm, a type of threat clearly in decline as a result of the new financial motivation behind the actions of malware creators, is also being used to make money. Most probably this is a criminal that has bought stocks at a low price, and has endeavored to increase their price and obtain large benefits by spreading Nuwar.B”.
Panda Software clients that don’t yet have TruPrevent Technologies have the updates available to install them along with their antivirus and ensure they have prevented protection against unknown viruses and intruders.
Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code.
