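New Storm Worm variant arrives
December 28, 2007 – 10:25:00
In less than a day, the Storm Worm authors have again changed the domain name used to download the malicious file and are continuing to spread a new Storm Worm variant. Please be careful.
The e-mail subject line (Subject) is one of the following: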
A fresh new year
As the new year…
As you embrace another new year
Blasting new year
Happy 2008!
Happy New Year!
It’s the new Year
Joyous new year
New Hope and New Beginnings
New Year Ecard
New Year Postcard
Opportunities for the new year
Wishes for the new year
Happy New Year to You!
Happy New Year to
Lots of greetings on the new year
New Year wishes for You
Dance to the New 2008 Year tune
After execution, it shows the following behaviour (including stealth behaviour):
[Added service]
NAME: bldy1b60-7eb3
DISPLAY: bldy1b60-7eb3
FILE: \??\C:\WINDOWS\system32\bldy1b60-7eb3.sys
[Added file]
C:\Documents and Settings\Administrator\Desktop\happy-2008.exe
C:\WINDOWS\system32\bldy1b60-7eb3.sys
C:\WINDOWS\system32\bldy_sys.config
As of now (2007/12/27 @ 22:02), the following antivirus products detect these malicious files (for reference only):
bldy_sys.config:
[ Microsoft ], "Backdoor:Win32/Nuwar.B!ini"
happy-2008.exe:
[ Symantec ], "Trojan.Peacomm"
[ McAfee ], "W32/Nuwar@MM"
[ McAfee_Beta ], "W32/Nuwar@MM"
[ Sophos ], "Mal/Dorf-H"
[ Panda_Beta ], "W32/Nuwar.MS.worm"
[ Nod32 ], "Win32/Nuwar.BA worm"
[ Fortinet ], "W32/Tibs.G@mm"
[ HBEDV ], "TR/Crypt.XDR.Gen"
[ Authentium ], "W32/Dropper.gen6"
[ WebWasher ], "Trojan.Crypt.XDR.Gen"
bldy1b60-7eb3.sys:
[ Microsoft ], "Backdoor:WinNT/Nuwar.B!sys"
[ McAfee ], "Downloader-BAI.sys.gen.a"
[ McAfee_Beta ], "Downloader-BAI.sys.gen.a"
[ CAV ], "Win32/Sintun!generic"
[ Nod32 ], "Win32/Nuwar.BA worm"
[ HBEDV ], "TR/Rootkit.Gen"
[ quickheal ], "Backdoor.Agent.dln"
[ WebWasher ], "Trojan.Rootkit.Gen"
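
The indicators above can be turned into a simple triage check. The following is an added example, not part of the original post: it matches a raw Subject header against the listed subject lines after decoding RFC 2047 encoding and normalizing case, spacing and punctuation, and it flags the listed file names in a file listing. The function names and sample inputs are hypothetical.

```python
import ntpath
import re
import unicodedata
from email.header import decode_header, make_header

# Subject lines and file names copied from this post.
SUBJECTS = (
    "A fresh new year|As the new year…|As you embrace another new year|"
    "Blasting new year|Happy 2008!|Happy New Year!|It’s the new Year|"
    "Joyous new year|New Hope and New Beginnings|New Year Ecard|"
    "New Year Postcard|Opportunities for the new year|"
    "Wishes for the new year|Happy New Year to You!|Happy New Year to|"
    "Lots of greetings on the new year|New Year wishes for You|"
    "Dance to the New 2008 Year tune"
).split("|")
ARTIFACTS = {"happy-2008.exe", "bldy1b60-7eb3.sys", "bldy_sys.config"}


def normalize(text):
    """Fold case, spacing, typographic punctuation and Re:/Fw: prefixes."""
    text = unicodedata.normalize("NFKC", text)   # "…" becomes "..."
    text = text.replace("\u2019", "'")           # curly apostrophe
    text = re.sub(r"^\s*((re|fwd?)\s*:\s*)+", "", text, flags=re.I)
    return " ".join(text.split()).casefold()


KNOWN = {normalize(s) for s in SUBJECTS}


def subject_matches(raw_header):
    """True if a raw Subject header (RFC 2047 allowed) is on the list."""
    decoded = str(make_header(decode_header(raw_header)))
    return normalize(decoded) in KNOWN


def artifact_hits(paths):
    """Return listed paths whose file name is one of the post's artifacts.
    The post notes stealth behaviour, so feed this a listing taken from an
    offline disk image rather than from the running system (assumption)."""
    return [p for p in paths if ntpath.basename(p).lower() in ARTIFACTS]


if __name__ == "__main__":
    # Constructed sample input, not real traffic.
    for s in ["=?utf-8?B?SGFwcHkgMjAwOCE=?=", "RE:  it's the NEW year", "Invoice"]:
        print(s, "->", subject_matches(s))
    print(artifact_hits([r"C:\WINDOWS\system32\bldy_sys.config",
                         r"C:\WINDOWS\system32\drivers\etc\hosts"]))
```

Several of these subjects are also common in legitimate seasonal mail, so a subject match is a reason to look at the message, not a verdict on its own.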

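“New Storm Worm variant arrives” currently has 1 response
The file name seems to have changed again
The file date has also been updated to 12/31…
But most antivirus software can still detect it
By Anonymous on January 1, 2008 - 03:15:00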