WORM_NUWAR.ARI |
|
| BugsAlert Home > WORM_NUWAR.ARI | |
|
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview This worm spreads by sending email messages, which contain a link that point to a remote copy of itself, using its own Simple Mail Transfer Protocol (SMTP) engine. Clicking on the said link downloads and executes a copy of this worm named HALLOWEEN.EXE. The said action also directs users to a site named Dancing Skeleton, as shown below:
This worm gathers target email addresses from files with the specific file name extensions. It then uses the Gmail and Yahoo! Mail addresses that it gathers to spoof the From field of the email message it sends out. Moreover, it downloads the message body it uses from certain URLs. This worm drops several files, including a Trojan detected as TROJ_PEACOMM.GS. It also terminates certain processes, if found running in memory. Original Source: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NUWAR.ARI Learn more about WORM_NUWAR.ARI |
|
| Tags: worm nuwar.ari | |
Related Items |
|
|
FrSIRT - Xen "flask_op" Hypercall Local Buffer Overflow Vulnerability
|
|
|
CVE-2008-5217 (txtcms)
|
|
|
VU#406937: PhotoStockPlus Uploader Tool ActiveX stack buffer overflows
|
|
|
CVE-2008-5429 (incredimail)
|
|
|
CVE-2008-2868 (DUcalendar)
|
|
|
FrSIRT - Debian Security Update Fixes Iceweasel Code Execution Vulnerabilities
|
|
|
Blocked web sites
|
|
