New variant?

[Duh_OZ]

hxxp://xxx.bestlovelyric.com/mylove.exe

Just 2 reported 'suspicious'

Safe 7.0.17.0 2008.06.30 Suspicious File
Panda 9.0.0.4 2008.07.01 Suspicious file

I have NOD32 on my computer, it did report a possible NuWar variant.
NOD32 seems to not be reporting a crapload of files I submit to VT,
yet it always catches them on my end.

 

[jen]

hxxp://xxx.bestlovelyric.com/mylove.exe
Just 2 reported 'suspicious'
Safe 7.0.17.0 2008.06.30 Suspicious File
Panda 9.0.0.4 2008.07.01 Suspicious file
I have NOD32 on my computer, it did report a possible NuWar variant.
NOD32 seems to not be reporting a crapload of files I submit to VT,
yet it always catches them on my end.

McAfee's analysis:
W32/Nuwar@MM!F6D2E5FF
http://vil.nai.com/vil/content/v_146477.htm

-jen

 

[Duh_OZ]

Yes, looks like Storm Worm.

--

Yeah, getting plenty of them now. They came with a new 'hook' (you
are in my heart, you belong to me, etc). Better than the other ones
saying I have a stupid face or I'm a moron LOL.

 

[rekketoes]

Yeah, getting plenty of them now.   They came with a new 'hook' (you
are in my heart, you belong to me, etc).   Better than the other ones
saying I have a stupid face or I'm a moron LOL.

I even get Nuwar (storm) spammed with a link to fake antivirus
programs.

~ Do not remove -* spamtrap *-
(e-mail address removed)
rekketoes[at]gmail.com

 

[Duh_OZ]

I even get Nuwar (storm) spammed with a link to fake antivirus
programs.

Got my first 'hook' like that today, but the link was down so I can
only assume it was a link to malware LOL.

Damn things are still coming in daily ;-(