TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_NUWAR.BK
Overview
Solution

Malware type: Worm

Aliases: Trojan.Peacomm.D(Symantec), Mal/Dorf-K(Sophos), Email-Worm.Win32.Zhelatin.ta(Kaspersky), TR/Peed.ITK.57(Avira), W32/Stormworm.AK (exact)(F-Prot), W32/Nuwar@MM(McAfee)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Infection Channel 1 : Propagates via email

Infection Channel 2 : Spammed via email

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

WORM_NUWAR.BK Behavior Diagram

Malware Overview

This worm propagates by sending email messages containing a link, which redirects users to a malicious Web site where a copy of itself can be downloaded.

The following is a screenshot of a sample email message:

spammed email message

The link on the said message points to a Web page with an image of a heart, as follows:

Clicking on the said heart image downloads this worm on the affected system.

It drops a file detected by Trend Micro as TROJ_PEACOMM.BM. As a result, malicious routines of dropped file are exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 15, 2008 9:26:04 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.