Sunday, July 8, 2007

New Nuwar

Yet another new set of Nuwar (storm worm) spam mails are coming out. Be on the look out for emails like the following:
Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files
and stop email sending, otherwise your account will be blocked.

Customer Support Robot
The downloaded executable is named "patch.exe"

****URLS BELOW ARE POSTED FOR RESEARCH PURPOSES ONLY VISIT AT YOUR OWN RISK****
Worm Detected!
Customer Support Center
nrp @ eyou.com
http:// 74.227.240.152/ ?a3b01bdad81d9b848ca9a8

Worm Activity Detected!
Customer Support
qof @ calgarypolice.ca
http:// 66.31.89.82/ ?2989907cd64e28cae3d7703a3b01bdad81d9b

Spyware Alert!
Customer Support Robot
vyjig @ kbhr933.com
http:// 203.192.225.72/ ?b161d496d2989907cd64e28cae3d7703a3b01bd

Spyware Detected!
Customer Support Robot
vyjig @ kbhr933.com
http:// 76.24.0.216/ ?8ee7c634591933434671c1

Trojan Alert!
Administrator
aupl @ nyc.rr.com
http:// 69.177.200.82/ ?1c8a8aa50bb1c20bb5790c08a823e9627257

Malware Alert!
Customer Support Robot
xas @ evercell.com
http:// 81.48.51.112/ ?8a823e96272575cbc68911e6c36a4bc9

Virus Activity Detected!
Mailer-Deamon
bij @ fibertel.com.ar
http:// 76.83.102.143/ ?8088aea28abd4d55393e4dd7ae5b23933

ATTN!
Customer Support Center Robot
gal @ madbrands.com
http:// 66.68.92.35/ ?e7c634591933434671c16a2e59b1283bd17061a

Worm Alert!
Administrator
djn @ lge.com
http:// 81.236.145.163/ ?58e47d14c775ed2175ee0c2a4c1c8a8aa50

****URLS ABOVE ARE POSTED FOR RESEARCH PURPOSES ONLY VISIT AT YOUR OWN RISK****