These two days,variants of Trojan-Downloader.Win32.Nurech are very activity,they have been masquerading as various German organizations,and spreading via spams.
Today,we received a variant which pretends to be from Quelle.de.Be careful please!
The spam is as the following: ====== From: info@odenwald-quelle.de (like this address) Subject: Ihre Quelle.de Rechnung [...]
Microsoft has released Advance Notification for June 2007.
As while, a trojan spam is masquerating as Microsoft Security Update now. The content of spams is about Security Update for Internet Explorer. Of course, it’s a trojan, Kaspersky detects it as Trojan-Downloader.Win32.Agent.avk.
The spams are as the following:
From: “MSIE Update” security14@microsoft.com
Subject: Microsoft Security Update
Body:
Microsoft Security Bulletin MS06-31
Cumulative Security [...]
We’ve received numurous spams about the subject of Internet Explorer 7 Downloads today. These spams look like from Microsoft, and a file “IE7.0.exe” will be downloaded. This is not real Internet Explorer 7, it’s Virus.Win32.Grum.a. If you meet the same spam, please delete it at once.
We have received some different downloaded urls, they are include:
http://cincinnatifeet.com/<removed>.exe
http://cincinnatifeet.com/<removed>.jpg
http://jpcommunications.net/images/<removed>.exe
http://jpcommunications.net/images/<removed>.jpg
http://tvz-archive.com/<removed>.exe
http://tvz-archive.com/<removed>.jpg
http://66.98.149.237/<removed>.jpg
http://arrestingphotography.com/<removed>.exe
http://arrestingphotography.com/<removed>.jpg
http://manualshop.com.ar/<removed>.jpg
http://abnoba.net/<removed>.exe
http://abnoba.net/<removed>.jpg
http://nottyweb.com/images/<removed>.jpg
http://gc-music.com/<removed>.exe
http://cyberbutt.com/<removed>.jpg
http://kcmancandy.com/<removed>.jpg
Some [...]
We just received a new variant of Trojan-downloader.win32.nurech (aka Yabe). It’s spreading via spam in Germany now. It is masquerated from cleverbridge.com, and masquerated as a confirmation order of “Avira AntiVir Products”. German users should be careful of these spams.
These spams are as the following:
From: cleverbridge / Avira GmbH. tech@cleverbridge.com
Subject: Referenznr.:595169: Ihre Bestellung von Avira [...]
A rootkit is a program that is designed to hide itself and other programs, data, and activity including viruses, backdoors, keyloggers and spyware on a computer systems. Scan PC Now!