TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_NUWAR.JQ
Overview
Solution

Malware type: Worm

Aliases: Trojan.Peacomm(Symantec), Troj/Dorf-BA(Sophos), Email-Worm.Win32.Zhelatin.xh(Kaspersky), Worm/Zhelatin.AP(Avira), W32/Zhelatin.G.gen!Eldorado (generic(F-Prot), W32/Nuwar@MM(McAfee)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 High

Infection Channel 1 : Propagates via email

Description: 

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

WORM_NUWAR.JQ Behavior Diagram

This worm arrives as attachment to email messages spammed by another malware or by a malicious user.

It drops a copy of itself. It also drops a non-malicious file.

It creates a registry entry to enable its automatic execution at every system startup. It also modifies registry entries as part of its installation routine.

It drops a component file detected by Trend Micro as RTKT_NUWAR.AA.

It propagates by sending email messages with links that redirect browsers to Web sites that contain a downloadable copy of itself.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 2, 2008 2:28:05 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.