
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Nuwar.OL

 
Threat level: Low threat
Damage: High
Distribution: Not widespread

Effects 

The main objective of Nuwar.OL is to spread and affect as many computers as possible.

Additionally, it uses rootkit techniques to make its detection more difficult: it drops the rootkit detected as Rootkit/Nuwar.ON, which hides the files belonging to Nuwar.OL.

Infection strategy 

Nuwar.OL creates the following files in the Windows system directory:

  • SERVICES.EXE, which is a copy of itself.
  • BURITO2F06-838.SYS, BURITO2FC7-1E51.SYS, BURITO7620-1C4E.SYS, BURITOE79-3D90.SYS and BURITO.INI.
    These files belong to a rootkit detected as Rootkit/Nuwar.ON, which hides the files belonging to Nuwar.OL.

 

Nuwar.OL creates the following entries in the Windows Registry:

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\burito2f06-838
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\burito2fc7-1e51
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\burito7620-1c4e
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\buritoe79-3d90
    By creating these entries, the rootkit registers itself as a service, so that it runs whenever Windows starts.
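
The file and service names above can be swept for in exported artifacts. The following is an added example, not part of the original entry: it checks a registry export (.reg text) and a directory listing against the names listed here. It assumes the artifacts were collected from an offline or clean-booted view of the disk, since the rootkit hides files on the running system; the `burito<hex>-<hex>` pattern match and all sample input are assumptions constructed for illustration.

```python
import re

# Indicators copied from the page, compared case-insensitively. SERVICES.EXE is
# left out: a legitimate Windows binary has that name, so a name match is no signal.
KNOWN = {
    "burito2f06-838.sys", "burito2fc7-1e51.sys", "burito7620-1c4e.sys",
    "buritoe79-3d90.sys", "burito.ini",
    "burito2f06-838", "burito2fc7-1e51", "burito7620-1c4e", "buritoe79-3d90",
}
# Assumption (not stated on the page): related samples keep the
# burito<hex>-<hex> naming, so unlisted names of that shape are "pattern" hits.
PATTERN = re.compile(r"burito[0-9a-f]{2,8}-[0-9a-f]{2,8}(\.sys)?", re.I)
# Top-level service keys only; ControlSetNNN and CurrentControlSet both accepted.
SERVICE_KEY = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)"
    r"\\Services\\([^\\\]]+)\]", re.I)

def classify(name):
    """Return 'exact' (listed on the page), 'pattern' (same shape) or None."""
    n = name.strip().lower()
    if n in KNOWN:
        return "exact"
    return "pattern" if PATTERN.fullmatch(n) else None

def scan_reg_export(text):
    """Return (service, verdict) pairs for service keys in .reg export text."""
    hits = []
    for line in text.splitlines():
        m = SERVICE_KEY.fullmatch(line.strip())
        if m and classify(m.group(1)):
            hits.append((m.group(1), classify(m.group(1))))
    return hits

def scan_file_listing(names):
    """Return (name, verdict) pairs for suspicious names in a directory listing."""
    return [(n, classify(n)) for n in names if classify(n)]

# Constructed sample input (not taken from a real infection).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\burito2f06-838]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\burito2f06-838\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\buritoab12-9f3c]
"""
SAMPLE_FILES = ["ntoskrnl.exe", "BURITO.INI", "BURITOE79-3D90.SYS", "burrito.sys"]

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG))
    print(scan_file_listing(SAMPLE_FILES))
```

Registry exports are often saved as UTF-16, so decode the file to text before passing it to `scan_reg_export`.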

Means of transmission 

Nuwar.OL spreads via email, through the process below:

  • It reaches the computer in an email message with the following characteristics:

    Subject: it can be one of the following:
    A Dream is a Wish
    A Is For Attitude
    A Kiss So Gentle
    A Rose
    A Rose for My Love
    A Toast My Love
    A Token of My Love
    Come Dance with Me
    Come Relax with Me
    Dream of You
    Eternal Love
    For You….My Love
    Heavenly Love
    Hugging My Pillow
    I Dream of you
    I Love Thee
    I Love You Because
    I Love You Soo Much
    I Would Dream
    If Loving You
    Inside My Heart
    Love Is…
    Love Remains
    Magic Power Of Love
    Memories of You
    Miracle of Love
    My Love
    Our Journey
    Our Love is Free
    Our Love is Strong
    Our Love Nest
    Our Love Will Last
    Pages from My Heart
    Path We Share
    Sending You All My Love
    Sending You My Love
    Sent with Love
    Special Romance
    Surrounded by Love
    The Dance of Love
    The Miracle of Love
    The Mood for Love
    The Moon & Stars
    The Time for Love
    When I’m With You
    Why I Love You
    Words in my Heart
    You’re in my Soul
    You’re my Dream
    You’re the One
    You… In My Dreams

    Message:
    The message contains a link to a certain website.
  • If the link is followed, a malicious website is opened:

  • Nuwar.OL sends this message to all the contacts included in the user's Address Book, using its own SMTP engine.

Further Details  

Nuwar.OL is 114,689 bytes in size.