We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Nuwar.JT
Detected by Microsoft Defender Antivirus
Aliases: Packed.Win32.Tibs.ab (Kaspersky) W32/Nuwar@MM (McAfee) Tibs.gen124 (Norman) Mal/Dorf-A (Sophos) Trojan.Packed.13 (Symantec) Possible_Nucrp-3 (Trend Micro)
Summary
Win32/Nuwar is a family of Trojan droppers that installs a distributed peer-to-peer (P2P) downloader Trojan. This downloader Trojan in turn downloads a copy of a mass-spamming Trojan which further distributes the malware.
On July 8, 2007, large numbers of Win32/Nuwar were mass-spammed in email masquerading as a virus warning from the recipient's ISP. The email included a link pointing to a remote Web site which, when clicked, attempted to download and run the Trojan on recipients' systems. The downloaded Trojan is detected by Microsoft as Worm:Win32/Nuwar.JT.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.
Follow us
