Protecting Against Nuwar Virus

NETWORK anti-virus and content security software and services provider Trend Micro Inc has announced the return of the Nuwar virus, which was first discovered last year.

Then, Nuwar propagated through mass e-mailed messages with war- related subject lines and attached executable files capable of transforming PCs into spam and infectious worm e-mail generators.

The attached file, when run, dropped a downloader component onto the affected machine and planted copies of the mass e-mailer module. It then downloaded four other components which included a new downloader and a rootkit that hid the entire malware army.

Nuwar was also known to create a zombie network that sent “pump and dump” spam. “Pump and dump” is a financial fraud that involves creating an artificial demand for stocks so that their prices rise. It’s a scam that has proven profitable; as the stock prices reach their peak, the scammers sell their stocks and stop creating the artificial demand, and the stock prices naturally drop even faster than they rose.

Nuwar is clearly a social engineering attack, and users are the primary targets. For consumers, they should scan their e-mail and instant message (IM) file attachments with security software, and only open attachments from known or expected sources.

For enterprises, they need to implement a multi-layered approach that provides security at all possible entry points – including the Internet gateway, messaging gateway, endpoint clients, endpoint servers and the network.

They must also keep all browser and instant messenger security patches up-to-date and educate employees about the symptoms of infection, and how to protect servers, computers and mobile devices.

(c) 2007 New Straits Times. Provided by ProQuest Information and Learning. All rights Reserved.