June 2011 MSRT release, added three new threat families to the detection capability.
One is Win32/Nuqel – “over 60 variants of Win32/Nuqel have been identified in the wild. This worm spreads itself via network shares, removable drives and instant messenger programs. These combined spreading methods make it very efficient in propagating, and it has gained prevalence lately,” revealed MMPC.
“Aside of the typical Autorun behavior, which’ll only provide a shrinking value to malware authors, Nuqel employs a disguise to fool victims. When infecting a machine with shared network drives, Nuqel copies itself to the folders on the network share with the name and icon of a folder. If the user clicks the icon, the worm will be activated.”
“If you don’t have any folder or file shared, Win32/Nuqel will create one for you as <Root Drive>\New Folder.exe, which’s another copy of itself,” MMPC stated.
“The other two threat families added are “Win32/Yimfoca” and “Win32/Rorpian,” both of which are also high-profile worms with several payloads and are also gaining prevalence these days,” added MMPC.