Skip navigation.
Home

Another Storm - Amero...

While it was "announced" by the nice folks from sudosecure.net for two days, I finally got my hands on this e-mail, leading to a new storm worm exe:

==
Subject: Amero currency Union is now the reality

The Amero is here hxxp://24.20.59.129/
==

As always, this wave will have several subjects and lots of zombie download-sites...

Virustotal
Anubis
File 2d61e13f42fe432efddf88c987344707

this program has-in packed

this program has-in packed other executable>
(Backdoor:WinNT/Nuwar.B!sys)
which in body has driver (Nuwar.B!sys) >
which in body has executable(Backdoor:Nuwar.A // Zhelatin?).