


Early Threat Prevention Signatures against Fast-Spreading ‘Happy New Year’ Worm deployed by SonicWALL

Tuesday, January 2nd, 2007 | Related entries: Security, Software

SonicWALL Inc., a provider of network, Web and email security and backup and recovery solutions, has installed early protection against a speedily proliferating variant of the Nuwar worm, which is spreading via emails containing seasonal greetings in the subject line.

In the past eight hours the rate of infection has risen quickly, and it was perhaps one of the biggest threat outbreaks of 2006.

Once a computer is infected with the Happy New Year worm, it searches for open mail proxies and starts sending email to infect other computers. According to SonicWALL, the mass-mailing worm is already moving swiftly across the Internet, installing multiple pieces of code on victims’ computers and then protecting them with a rootkit.

Users of SonicWALL’s Unified Threat Management technology, which protects against viruses, Trojans, worms and other threats and vulnerabilities, have automatically received updated signatures designed to repel the Nuwar worm.

The Happy New Year worm spreads via email, in most cases with the subject line “Happy New Year!” and an attachment typically named one of the following: “Greeting Card.exe”, “Greeting Postcard.exe”, “Postcard.exe”, “greeting card.exe”, “greeting postcard.exe”, or “postcard.exe”. Upon execution, the worm tries to disable running anti-virus processes and drops a Tibs Trojan on the infected computer system. Next, the worm tries to download additional malicious code from a remote Web site.

When it propagates, the Happy New Year worm uses its own SMTP engine to send a copy of itself to the email addresses found in the address book of the infected PC. In some instances, the worm sends a malformed executable copy (i.e. one containing an incorrect executable header) that could be considered harmless and can simply be treated as spam email.
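The indicators described above can be turned into a mail-triage check. The following Python sketch is an added example, not SonicWALL's signature logic: it flags attachments whose names match the article's list, records whether the subject line matches, and separates copies with a plausible executable header from the malformed ones. The header test (an `MZ` magic plus a `PE` signature at the offset stored at 0x3C), the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject and attachment names as listed in the article, compared case-insensitively.
WORM_SUBJECT = "happy new year!"
WORM_ATTACHMENT_NAMES = {"greeting card.exe", "greeting postcard.exe", "postcard.exe"}

def has_valid_exe_header(payload: bytes) -> bool:
    """Assumed test: 'MZ' magic, and the offset at 0x3C points at a 'PE\\0\\0' signature."""
    if len(payload) < 0x40 or payload[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(payload[0x3C:0x40], "little")
    return payload[pe_offset:pe_offset + 4] == b"PE\0\0"

def triage(raw_message: bytes) -> list:
    """Return (filename, subject_matches, header_is_valid) per name-matching attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject_matches = str(msg["Subject"] or "").strip().lower() == WORM_SUBJECT
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if name.lower() not in WORM_ATTACHMENT_NAMES:
            continue
        payload = part.get_payload(decode=True) or b""
        findings.append((name, subject_matches, has_valid_exe_header(payload)))
    return findings

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; addresses and body text are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "recipient@example.com"
    msg["Subject"] = "Happy New Year!"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed payloads: a 68-byte header stub (not a runnable program) and a headerless blob.
HEADER_STUB = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
HEADERLESS = b"\0" * 0x44

if __name__ == "__main__":
    print(triage(build_sample("Postcard.exe", HEADER_STUB)))
    print(triage(build_sample("greeting card.exe", HEADERLESS)))
```

A name match with a valid header is the case to quarantine and investigate; a name match with an invalid header corresponds to the malformed copies the article says can be handled as spam.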

Very early samples of this variation on the Nuwar worm were first found in the wild on December 29th, 2006. On December 30th SonicWALL issued the following signatures created to guard against this threat:

  • Gateway Anti-Virus Signatures
    - Nuwar.B (Worm)
    - Nuwar.C (Worm)
  • Intrusion Prevention Signatures
    - VIRUS Greeting Card.exe attachments 1 (SID: 1051)
    - VIRUS Greeting Card.exe attachments 2 (SID: 1052)
    - VIRUS Greeting Card.zip attachments 1 (SID: 1053)
    - VIRUS Greeting Card.zip attachments 2 (SID: 1054)