Discovered: 29 December 2006
Updated: 5 February 2007 8:47:29 PM
Also Known As: W32/Dref-V [Sophos], WORM_NUWAR.BH [Trend], WORM_NUWAR.EE [Trend], Win32/Luder.U [Computer Associates], Win32/Luder.O [Computer Associates], W32/Dref-AA [Sophos], W32/Tibs [Norman], W32/Dref@MM [McAfee], W32.Dref@mm [Sunbelt Software]
Type: Worm
Infection Length: 17,559 bytes; 47,235 bytes; 48,259 bytes; 51,310 bytes (varies)
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
W32.Mixor.Q@mm is a mass-mailing worm that drops additional malware onto the compromised computer. It may also drop a copy of Trojan.Galapoper.A (MCID 7483) or Trojan.Peacomm (MCID 9802).
Protection
- Initial Rapid Release version 30 December 2006
- Latest Rapid Release version 24 November 2009 revision 006
- Initial Daily Certified version 30 December 2006
- Latest Daily Certified version 24 November 2009 revision 005
- Initial Weekly Certified release date 3 January 2007
Threat Assessment
Wild
- Wild Level: Medium
- Number of Infections: 1000+
- Number of Sites: 10+
- Geographical Distribution: Medium
- Threat Containment: Easy
- Removal: Moderate
Damage
- Damage Level: Medium
- Payload: Drops additional malware onto the compromised computer.
- Compromises Security Settings: Ends security-related processes.
Distribution
- Distribution Level: High
- Subject of Email: Varies
- Name of Attachment: Varies
Writeup By: Ka Chun Leung and Mircea Ciubotariu