
Luder Worm (Nuwar)

01-03-2007

Beware the Postcard.exe Greeting

As of the end of December 2006 we’re seeing a new wave of emails attempting to spread the Luder trojan via a file named postcard.exe. When executed, postcard.exe installs software that combines three functions:

  1. an e-mail worm
  2. a dropper for a trojan downloader
  3. a file infector

This malware (malicious software) is known variously by the following names:

  • Luder
  • Email-Worm.Win32.Luder.a
  • Trojan-Downloader.Win32.Tibs.jy

In addition, as of Jan. 3, 2007, our clients and research systems have received emails pretending to be from a legitimate online electronic greeting card service, All-Yours.net. Note that All-Yours.net has nothing to do with this and is being exploited by those attempting to spread this trojan. (See an example of this email at the bottom of this post.)

Attempts to spread the same trojan using Happy New Year greetings have also recently been seen on the Internet.

As always, the best defenses against these attacks are:

  1. Have a high quality anti-virus program installed that has an active subscription to receive signature updates.
  2. Have a high quality anti-spyware program installed that has an active subscription to receive signature updates.
  3. DO NOT open emails or follow links received from unknown sources.
  4. Do not download and execute any files from unknown sources.
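Items 3 and 4 above can be backed by an automated check at the mail gateway. The following Python is an added example, not code from the original post: it flags executable attachments, links that point at an executable such as postcard.exe, and (going beyond the case described here) links whose host differs from the domain the sender claims to be. The extension list, the sender address and the `placeholder.example` host are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of Windows executable extensions; the post names only postcard.exe.
RISKY_EXT = (".exe", ".scr", ".pif", ".com")

class LinkCollector(HTMLParser):
    """Collect every <a href="..."> target in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def scan_message(raw):
    """Return a list of findings for one raw RFC 822 message (str)."""
    msg = message_from_string(raw)
    # Domain the sender claims to be; the From header is trivially forged.
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"executable attachment: {name}")
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True).decode(errors="replace")
        collector = LinkCollector()
        collector.feed(body)
        for href in collector.hrefs:
            url = urlparse(href)
            host = (url.hostname or "").lower()
            if url.path.lower().endswith(RISKY_EXT):
                findings.append(f"link to executable: {href}")
            if claimed and host != claimed and not host.endswith("." + claimed):
                findings.append(f"link host differs from sender: {host}")
    return findings

# Constructed sample, not the real lure; placeholder.example is a reserved name.
SAMPLE = "\n".join([
    'From: "Greeting Cards" <cards@all-yours.net>',
    "Subject: You have received a postcard from a family member",
    "Content-Type: text/html",
    "",
    '<a href="http://placeholder.example/postcard.exe">View your postcard</a>',
])
```

Calling `scan_message(SAMPLE)` returns two findings for the constructed lure; a message whose links stay on the sender's own domain and do not end in an executable extension returns an empty list.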

Additional Information on Luder Trojan

  1. Spyware database information for Trojan.Win32.Luder.A (Nuwar)
  2. This Trojan can be removed with Spyware Doctor.

Example of the email that will install the Luder trojan.

If you receive an email like this just delete it. DO NOT click on any of the links.

Posted by mike.shafer on 01-03-2007 at 10:01 am
Posted in Spyware - Latest Threats

  1. After tapering off in frequency during mid-January 2007 we’ve seen a recent upsurge in emails like the above since around Jan. 28, 2007 to present (Feb. 3, 2007).

    One common variant we’ve been receiving states “You have received a postcard from a family member” and links to a Romanian domain.

    Comment by mike.shafer — February 3, 2007 @ 11:04 am
