PandLabs, Panda Software’s malware detection laboratory, has detected the mass-mailing of messages containing the Nurech.A worm. This worm has been spreading rapidly over the last few hours, and has infected hundreds of computers. As a result, it is now one of the top ten viruses detected by ActiveScan, Panda Software’s free online solution. Given the situation, and due to the high risk of infection, the company has declared an Orange virus alert status.
Panda Software’s TruPrevent proactive detection technologies have detected and blocked Nurech.A from the outset, therefore, all users that have them installed on their computers have been constantly protected.
This worm reaches computers by email, in a message with variable subjects such as Together You and I, Everyone Needs Someone or Cyber Love. The sender field also varies, although it always contains a woman’s name. The file that contains the worm is an executable file with names such as flash postcard.exe or greeting postcard.exe.
When users run the attached file, Nurach.A installs on the computer. The worm is designed to terminate processes belonging to security tools and to look for addresses to spread to on the affected computer. This worm is particularly dangerous bearing in mind its rootkit features, aimed at hiding processes and making detection more difficult for security tools.
All signs seem to indicate that the authors of this worm are mass-mailing it to as many computers as possible, before the media can raise the alarm and users can protect themselves.