After a series of holiday related campaigns, Nuwar (a.k.a. Storm) is back to its ecard routine. E-mails promising funny ecards are being spammed all over the Internet. The usual http://numeric-IP/ links inside lead to a page like this:
A click on the picture leads to postcard.exe download, a click on the “click here” - to e-card.exe download. If nothing is clicked, in five seconds ecard.exe download is started automatically. Needless to say, all of the files are Nuwar.
March 15th, 2008 at 3:12 am
Why may we not see the website where its directing to ?
Any user with a small amount of brain understand not to go to that site. I need it to protect my network, so i need that site, so i can block it.
March 15th, 2008 at 8:22 am
Michel,
There always are people with more curiousity than prudence. Children, for example. I don’t want to be responsible for letting them infect their computers. As for your need to know to be able to block that site - well, it’s not a single site. At any give moment there are thousands upon thousands of Nuwar-infected computers that serve those pages and malware. And they come and go. Blocking just one of them won’t do you much good.