Variant of Nuwar/Storm worm. 10 out of 32 detect it

See the earlier report on happynewyear2008.exe, where 14 out of 32 will detect a variant of the Storm worm.

Today, I've been deleting emails that contain a link to download an infected file:
The domain is familypostcards2008.com


Only 10 (at the time of this writing and submission to Virustotal.com) will detect this variant.

See also http://www.antirootkit.com/blog/2007/12/27/happy-new-rootkit/ for other domains that users should block in addition to blocking familypostcards2008.com

Published Sun, Dec 30 2007 5:38 by donna

Comments

Sunday, December 30, 2007 5:06 PM by anonymous coward (again)

# re: Variant of Nuwar/Storm worm. 10 out of 32 detect it

A new Storm domain appeared yesterday.

  Domain Name: FRESHCARDS2008.COM
  Registrar: ANO REGIONAL NETWORK INFORMATION CENTER DBA RU
  Whois Server: whois.nic.ru
  Referral URL: http://www.nic.ru
  Name Server: NS.FRESHCARDS2008.COM
  Name Server: NS10.FRESHCARDS2008.COM
  Name Server: NS11.FRESHCARDS2008.COM
  Name Server: NS12.FRESHCARDS2008.COM
  Name Server: NS13.FRESHCARDS2008.COM
  Name Server: NS2.FRESHCARDS2008.COM
  Name Server: NS3.FRESHCARDS2008.COM
  Name Server: NS4.FRESHCARDS2008.COM
  Name Server: NS5.FRESHCARDS2008.COM
  Name Server: NS6.FRESHCARDS2008.COM
  Name Server: NS7.FRESHCARDS2008.COM
  Name Server: NS8.FRESHCARDS2008.COM
  Name Server: NS9.FRESHCARDS2008.COM
  Status: clientTransferProhibited
  Updated Date: 29-dec-2007
  Creation Date: 29-dec-2007
  Expiration Date: 29-dec-2008