Search:

Newsletter:

Hackers roll out Valentine's Day rootkit

By Robert Jaques
16 February 2007 10:25AM
Tags: hackers | roll | valentines | rootkit

Related Articles

• Storm clouds Valentine's Day inboxes
• Valentine's Day spamming up a Storm
• Beijing plans widescale wireless roll out
• Optus to roll out 3G to 96 percent of Australia
• Valentine worm 'spreading fast'

Nurech.B spreads through e-card spoofs.

Security experts have detected a new mutant of the Nurech worm which, like its predecessor Nurech.A, arrives disguised as a Valentine's Day message.

Nurech.B arrives in emails with subject lines such as 'Happy Valentine's Day', 'Valentines Day Dance' and 'The Valentines Angel'.

The email 'sender' is always a woman's name such as Sandra, Willa, Wendy or Vicky, PandaLabs reported.

An attachment simulates an e-greeting card using file names like 'Greeting Postcard.exe', 'Greeting card.exe', or 'Postcard.exe'.

When users click on the attachment it creates a copy of the worm on the hard drive, and then conceals its presence using rootkit-like functions.

The worm also disables certain antivirus, anti-spyware, and security applications installed on the system.

Luis Corrons, technical director at PandaLabs, said: "The objective is to trick users into opening the attachment using enticing subject lines related to the romantic holiday.

"This type of trick is usually quite successful, so we strongly advise users never to open any attachment that they have not requested, regardless of what it seems to contain."

Nurech.A launched last week using similar methods and continues to spread, maintaining an 'orange' alert level, according to Panda Labs.

Copyright © 2008 vnunet.com