New Storm Worm - uses constant polymorphic-based repacking routines
Below are recent links on the latest "animated e-card variants". One point of concern comes from AVERT Labs on the constant repackaging of Nuwar to evade AV detections EVERY FEW MINUTES. No wonder AV vendors are in the 30% detection range, as Nuwar is constantly mutating in an automated fashion. A few years ago, security researchers speculated on the "super worm" that would constantly mutate so that AV detection strings couldn't keep pace with the copies circulating in the wild. Unfortunately, we're getting closer to seeing this prediction come true.
AVERT LABS - Keeping up with Nuwar
QUOTE: Well, given that Nuwar is polymorphically repacked every few minutes and a functionally new version is released every day, that was hardly surprising. I zipped the samples up and sent them to our virus researchers to produce detection for them ...
F-Secure - Zhelatin gang changing tactics
QUOTE: Over the last few weeks, we've seen tons of ecard.exe spam, where fake greeting card mails have been spammed out. The messages have not contained an attachment, but just links to web sites that offer a download of one ecard.exe to your machine. Since last night, the messages have changed. You still get the normal greeting card spam. But when you follow the link, the web site now talks about the need for you to install "Microsoft Data Access" to your computer ...
WebSense Alert on new storm worm