Nurech.B arrives in emails with subject lines such as 'Happy Valentine's Day', 'Valentines Day Dance' and 'The Valentines Angel'.
The email 'sender' is always a woman's name such as Sandra, Willa, Wendy or Vicky, PandaLabs reported.
An attachment simulates an e-greeting card using file names like 'Greeting Postcard.exe', 'Greeting card.exe', or 'Postcard.exe'.
When users click on the attachment it creates a copy of the worm on the hard drive, and then conceals its presence using rootkit-like functions.
The worm also disables certain antivirus, anti-spyware, and security applications installed on the system.
Luis Corrons, technical director at PandaLabs, said: "The objective is to trick users into opening the attachment using enticing subject lines related to the romantic holiday.
"This type of trick is usually quite successful, so we strongly advise users never to open any attachment that they have not requested, regardless of what it seems to contain."
Nurech.A launched last week using similar methods and continues to spread, maintaining an 'orange' alert level, according to Panda Labs.
.png&h=140&w=231&c=1&s=0)
_(5).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
