The Happy New Year worm that caused mild alarm at the turn of the year now appears to be nothing more than a high-profile stock manipulation scam.
Panda Software reports the Nuwar.B worm variant is continuing its email spread at low levels using the same ‘Happy New Year’ greeting and postcard.exe attachment that arrived with the first wave of infection of the worm some days ago, although its high point has now probably passed.
But the worm’s intentions have become clearer with the passage of time. According to Panda, the intention behind the worm was simply to manipulate stocks by convincing recipients to buy shares in unnamed companies.
Anyone running the attached executable would find themselves infected with the Spammer.EN Trojan. The malware then sets out to harvest any email addresses it finds on the system to send out stock manipulation emails via specific servers the software is able to connect to. Infection appears to pose no direct risk to a user’s PC.
"In this case we see how an email worm is being used to make money," said Mikel Perez, of Panda Software’s Malware Detection Department.
"Most likely this is a criminal that has bought stocks at a low price, and has endeavored to increase their price and obtain large benefits by spreading Nuwar.B."