Postcard greetings with a worm
A worm known as Nurech.A Downloader.Tibs, Zhelatin.r, Tibs.JR, and Mixor.Q is rampantly spreading. Antivirus software vendor Panda has issued an orange alert, and the new worm also heads the list in the frequency statistics at F-Secure. Heise's mail server has already received more than 600 items infected with the worm. Unlike the invoice trojans of the past few weeks, apparently this worm does not spread through bot networks, but rather independently copies itself to addresses it finds on victims' computers.
The subject line of the e-mail changes and the body of the e-mail is empty. However, there is an attached file is attached to the mail. Generally this is named Postcard.exe, or something similar. The malicious function executes only if and when the attachment is opened. Panda believes that the worm uses rootkit functions that make it hard to find and remove, once it has installed itself.
The numerous names for the worm indicate that vendors of antivirus software have been doing their work and providing updated signatures. Most of the major vendors already detect the contaminant with the notable exception of McAfee. The Common Malware Enumeration Projekt, which was founded to give contaminants unified names, has yet to react.