TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_NUWAR.AR
Overview
Solution

Malware type: Worm

Aliases: Trojan.Peacomm(Symantec), W32/Dorf-AX(Sophos), Email-Worm.Win32.Zhelatin.vg(Kaspersky), Worm/Zhelatin.pc(Avira), W32/StormWorm.gen1(F-Prot), W32/Nuwar@MM(McAfee)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: Yes

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 High

Infection Channel 1 : Propagates via email

Description: 

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

WORM_NUWAR.AR Behavior Diagram

Malware Overview

This worm arrives as attachment to email messages spammed by another malware or a malicious user.

It drops files detected by Trend Micro as RTKT_NUWAR.UY.

It propagates by sending email messages containing a link, which redirects users to a malicious Web site where a copy of itself can be downloaded.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb. 12, 2008 5:39:12 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.