Sunday, July 8, 2007

New Nuwar

Yet another new set of Nuwar (Storm Worm) spam emails is going around. Be on the lookout for emails like the following:
Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files
and stop email sending, otherwise your account will be blocked.

Customer Support Robot

The downloaded executable is named "patch.exe".

Tuesday, April 3, 2007

Microsoft Releases Early Patch for ANI Exploit

Today Microsoft broke from its normal update schedule to release a patch for the ANI exploit that was made public last week.

Spread the word and get your family, friends, and coworkers updated.

More about the patch can be found at the link below:
http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx

Nice to see a patch pushed so fast!

Friday, March 30, 2007

Latest Variant of Warezov Spreading Via Skype.

F-Secure Antivirus has reported a new variant of Warezov that is spreading through Skype.

This new variant is not self-propagating; it spreads when a user clicks a URL that leads to the infected file. This URL is sent to all of a user's contacts.

Websense has more information about this new variant here.

Julie Amero Sentencing Postponed

Many of you have heard about the substitute teacher from Norwich, CT who was convicted on four counts of injury to or impairing the morals of children and faces up to 40 years in prison.
If you haven't, Google "Julie Amero" and get caught up.

Her sentencing was postponed until March 29th and has now once again been postponed until April 26th. We can only hope the delay in sentencing bodes well for Julie, and we wish her the best of luck in a horrible situation that should never have happened.

Microsoft Animated Cursor Exploit

Today Microsoft released Microsoft Security Advisory (935423). The advisory deals with a vulnerability in how Microsoft handles Animated Cursor (.ani) files.

This exploit can be used through websites or email (both plain text and HTML) and affects Windows 2000 all the way up to Windows Vista.

More information can be found at the above link or at ISC SANS.