BIOS: Technology Means Business

SonicWALL, amongst others, has deployed early protection against a rapidly proliferating variant of the Nuwar worm, which is spreading via e-mails containing seasonal greetings in the subject line.

The rate of infection has picked up rapidly over the past 24 hours, and seems set to become one of the biggest threat outbreaks of the year.

Once a computer is infected, it looks for open mail proxies and begins sending e-mail to infect other computers. The mass-mailing worm is already moving quickly across the Internet, installing multiple codes on victims' computers and then protecting them with rootkit.

The worm spreads via e-mail, in most cases with the subject line ‘Happy New Year!’ containing attachments typically named as one of the following: ‘Greeting Card.exe’, ‘Greeting Postcard.exe’, ‘Postcard.exe’, ‘greeting card.exe’, ‘greeting postcard.exe’, or ‘postcard.exe’. Upon execution, the worm attempts to disable running anti-virus processes and drops a Tibs Trojan on the infected computer system. Subsequently, the worm tries to download additional malicious code from the remote Web site.

During propagation, the worm sends a copy of itself by using its own SMTP engine to the e-mail addresses found in the address book of the infected PC. In some instances, the worm sends a malformed executable copy (i.e. containing an incorrect executable header) that could be considered harmless and can simply be treated as SPAM e-mail.

Very early samples of this variation on the Nuwar worm were first discovered in the wild on 29 December, 2006.

[Best AV Software Pricing UK]
[Best AV Software Pricing US]