Content

W32/Nuwar@MM!rar

Type
Virus
SubType
E-mail
Discovery Date
04/24/2007
Length
Varies
Minimum DAT
5017 (04/25/2007)
Updated DAT
5166 (11/19/2007)
Minimum Engine
5.1.00
Description Added
04/24/2007
Description Modified
04/25/2007 12:10 AM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

New spamming of W32/Nuwar@MM variants arrive in a password-protected RAR file with the password contained in an attached GIF image in the e-mail. 

The subject line may include one of the following:

  • Spyware Detected!
  • Trojan Detected!
  • Virus Alert!
  • Virus Activity Detected!
  • Warning!
  • Worm Alert!
  • Worm Detected!
  • Worm Activity Detected!

The GIF filename may include one of the following:

  • AbuseNotice.gif
  • AbuseReport.gif
  • AutoComplaint.gif
  • Complaint.gif
  • Message.gif
  • Notice.gif
  • Report.gif
  • UrgentNotice.gif

The RAR filename may be one of the following:

  • bugfix-####.rar
  • hotfix-####.rar
  • patch-####.rar
  • removal-####.rar

(where #### is a random four or five-digit number)

The executable file that it drops is detected with the 4971 DATs and higher as Downloader-BAI.gen.d.

Symptoms

Upon execution of the file in the RAR file, possibly due to a bug in this variant, on some language platforms the following error message is displayed:

 

For further information, please refer to the W32/Nuwar@MM description.

Method of Infection

please refer to the W32/Nuwar@MM description.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

New spamming of W32/Nuwar@MM variants arrive in a password-protected RAR file with the password contained in an attached GIF image in the e-mail. 

Characteristics

Characteristics -

New spamming of W32/Nuwar@MM variants arrive in a password-protected RAR file with the password contained in an attached GIF image in the e-mail. 

The subject line may include one of the following:

  • Spyware Detected!
  • Trojan Detected!
  • Virus Alert!
  • Virus Activity Detected!
  • Warning!
  • Worm Alert!
  • Worm Detected!
  • Worm Activity Detected!

The GIF filename may include one of the following:

  • AbuseNotice.gif
  • AbuseReport.gif
  • AutoComplaint.gif
  • Complaint.gif
  • Message.gif
  • Notice.gif
  • Report.gif
  • UrgentNotice.gif

The RAR filename may be one of the following:

  • bugfix-####.rar
  • hotfix-####.rar
  • patch-####.rar
  • removal-####.rar

(where #### is a random four or five-digit number)

The executable file that it drops is detected with the 4971 DATs and higher as Downloader-BAI.gen.d.

Symptoms

Symptoms -

Upon execution of the file in the RAR file, possibly due to a bug in this variant, on some language platforms the following error message is displayed:

 

For further information, please refer to the W32/Nuwar@MM description.

Method of Infection

Method of Infection -

please refer to the W32/Nuwar@MM description.

Removal -

Removal -

All Users:
Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A