Trend Micro is warning about a new virus that is circulating by email. The worm, called Nuwar.ay, arrives in mass-mailed messages with the subject "Happy New Year". It drops a copy of itself in the Windows system folder. Like many successful viruses, it has its own email engine, meaning users of infected machines have no idea they are infected, as sent messages do not show up in their email software (i.e., Outlook, Outlook Express).
Once running, the virus:
- terminates various processes that are used for detection and prevention of infection,
- steals addresses from the infected machine's Windows Address Book,
- sends out emails with spoofed addresses, bearing a fixed set of common names,
- makes registry modifications to disable Internet Connection Sharing and the Windows Firewall service,
- makes registry modifications so that the infection executable starts every time the machine starts.
Anti-virus company Sophos adds that the variant they've observed "includes functionality to access the internet and communicate with a remote server via HTTP."
This has additional infection implications.
Some anti-virus companies have been pretty quick to post new definitions, but I worry about all those brand new Christmas PCs that may fall prey because they don't have their anti-virus configured, even though most new PCs come with some sort of trial anti-virus.
We’ll keep an eye on this, as there is an expectation that infection rates will be pretty high.