New Nurech worm exploits Valentine’s Day

PandLabs has detected the Nurech.B worm, which arrives under the guise of Valentine’s messages. Its predecessor, Nurech.A, caused an orange alert status some days ago using the same jeans.

Panda’s TruPreventTM proactive technologies have detected and blocked Nurech.B with no need for prior identification. Computers that have them installed have therefore been protected at all times.

The email messages carrying Nurech.B have a variable subject. These include: “Happy Valentine’s Day”, “Valentines Day Dance”, “The Valentines Angel”. The email sender also varies, although it is always a woman’s name such as Sandra, Willa, Wendy or Vicky.

The message attachment containing the worm simulates an e-greeting card, using names like “Greeting Postcard.exe”, “Greeting card.exe” or “Postcard.exe”.

If users run the attached file, the worm creates various files on the computer. One of them is a copy of itself, while another is a rootkit that conceals Nurech.B’s presence.  The worm also disables various security applications that could be installed on the system.

“The author of this worm is determined to cause an epidemic by exploiting Valentine’s Day.  It would seem that as its predecessor, Nurech.A, provoked an alert some days ago, they are giving it another try on Valentine’s Day in order to be more effective” confirms Luis Corrons, technical director of PandaLabs, who warns: “Do not open any Valentine greetings or other messages without scanning them previously with an up-to-date antivirus solution”.

All users that want to know whether their computers have been attacked by these or other malicious code can use ActiveScan, the free solution available at: www.pandasoftware.com/activescan.  Users can carry out a complete inspection, free of charge, of all the areas of their computers that they suspect may be infected.