It logs the keystrokes typed by the user, receives instructions via an IRC server and disables the Windows XP firewall. It spreads via email and instant messaging programs.

Windows 2003/XP/2000/NT/ME/98

Nugache.M is a worm that logs the keystrokes typed by the user. This way, it could obtain confidential information about the user, such as passwords.

Additionally, it disables the Windows XP firewall and it connects to an IRC server in order to receive instructions, such as launching denial of service (DoS) attacks or connecting to an FTP server.

Nugache.M spreads via email and instant messaging programs, such as AOL Instant Messenger (AIM) and MSN Messenger.

Nugache.M is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

However, it is easy to recognize when it spreads via email, as it reaches the computer in a message with the following characteristics:

• Subject: one of the following:
  k, here
  hey!
  hey
  FW:
  okay
  here
  hi
  hey there
  light
  what up
  lol
  heh
  sup
• Attached file: one of the following:
  SELF NUDE.SCR
  MY PIC.SCR
  DSC1060193.SCR