New Storm Worm Going around
We've received a bunch of emails in the past few minutes indicating the possible presence of a new Worm.
We are being told that it is a "Nuwar/Zhelatin" virus with Virtual Machine detection capabilities. Basically looks like a rehash of the same ol' Storm worm.
Apparently it indicates itself as a "Patch" for the "New worm" that is going around (whatever that may be, there are just so many I could choose from!)
The subjects of the emails (that we have seen so far) say:
"Worm Alert!"
"Worm Detected"
"Virus Alert"
"ATTN!"
"Trojan Detected!"
"Worm Activity Detected!"
"Spyware Detected!"
"Dream of You"
"Virus Activity Detected!"
It has two attachments: one is an image with 'panic-worded text', and the other is a password-protected zip file whose password is revealed in the image.
The zip file appears to be named:
"patch-<random 4 or 5 digit number>.zip"
"bugfix-<random 4 or 5 digit number>.zip"
"hotfix-<random 4 or 5 digit number>.zip"
"removal-<random 4 or 5 digit number>.zip"
(Thanks Jesper for the updates!)
Thanks everyone for writing in!
Joel Esler
Handler of the Day
http://handlers.sans.org/jesler
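The subject lines and attachment names listed above can be turned into a mail-filter check. The following is an added example, not code from the diary or from SANS: the function names, the rule for combining traits, and the sample message builder are assumptions, and the sample zip is a constructed benign archive with only its "encrypted" flag bit forced on.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the diary entry; matching is case-insensitive.
SUBJECTS = {"worm alert!", "worm detected", "virus alert", "attn!",
            "trojan detected!", "worm activity detected!", "spyware detected!",
            "dream of you", "virus activity detected!"}
ZIP_NAME = re.compile(r"^(patch|bugfix|hotfix|removal)-\d{4,5}\.zip$", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(i.flag_bits & 0x1 for i in zf.infolist())
    except zipfile.BadZipFile:
        return False

def score_message(raw: bytes) -> dict:
    """Report which traits from the diary a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).strip().lower()
    hits = {"subject": subject in SUBJECTS, "image": False,
            "zip_name": False, "zip_encrypted": False}
    for part in msg.iter_attachments():
        if part.get_content_maintype() == "image":
            hits["image"] = True
        if ZIP_NAME.match((part.get_filename() or "").strip()):
            hits["zip_name"] = True
            hits["zip_encrypted"] = zip_is_encrypted(part.get_payload(decode=True) or b"")
    # Assumed rule: filename alone is weak, so require a second trait with it.
    hits["suspicious"] = hits["zip_name"] and (hits["subject"] or hits["zip_encrypted"])
    return hits

def build_sample(subject: str, zip_name: str, encrypted: bool) -> bytes:
    """Constructed test message; the zip is benign, only its flag bit is forced."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    z = bytearray(buf.getvalue())
    if encrypted:
        z[z.find(b"PK\x01\x02") + 8] |= 0x1  # central-directory flag word
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="notice.gif")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

The encrypted-flag check matters because a password-protected archive cannot be opened by a gateway scanner, so the flag itself is the signal to quarantine or strip the attachment.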