Home » News » Security » Nurech.A Worm Spreading Rapidly, Infecting Hundreds of Computers
PandLabs has detected a mass-mailing of messages containing the Nurech.A worm. This worm has been spreading rapidly over the last few hours, and has infected hundreds of computers. As a result, it is now one of the top ten viruses detected by ActiveScan, Panda Software's free online solution. Given the situation, and due to the high risk of infection, the company has declared an Orange virus alert status.
Panda Software's TruPreventTM proactive detection technologies have detected and blocked Nurech.A from the outset, therefore, all users that have them installed on their computers have been constantly protected.
This worm reaches computers by email, in a message with variable subjects such as Together You and I, Everyone Needs Someone or Cyber Love. The sender field also varies, although it always contains a woman's name. The file that contains the worm is an executable file with names such as flash postcard.exe or greeting postcard.exe.
When users run the attached file, Nurach.A installs on the computer. The worm is designed to terminate processes belonging to security tools and to look for addresses to spread to on the affected computer. This worm is particularly dangerous bearing in mind its rootkit features, aimed at hiding processes and making detection more difficult for security tools.
All signs seem to indicate that the authors of this worm are mass-mailing it to as many computers as possible, before the media can raise the alarm and users can protect themselves.
According to Luis Corrons, Technical Director of PandaLabs, "The objective is to trick users into opening the attached file by using an enticing subject, related in this case to romantic relationships, probably due to the proximity of Valentine's Day. This type of trick is usually quite successful, so we advise users not to open any attachment that they have not requested or run any files, regardless of what they seem to contain."
All users that want to know whether their computers have been attacked by this or other malicious code can use Panda ActiveScan, the free solution available at: http://www.pandasoftware.com/activescan. It will carry out a complete inspection of the computer should there be any sign of infection.