Storm Worm update: Fake news on World War III
Threat Type: Malicious Web Site / Malicious Code
This is an update of our previous alert on the 4th of July Storm Worm outbreak.
Websense® Security Labs™ ThreatSeeker™ Network has discovered yet another peak in Storm Worm's spam campaign. This time the socially engineered messages announce the start of World War III, claiming that U.S. forces have just invaded Iran. The messages offer a video of the alleged events.
Here is a screenshot of sampled spam messages:
The structure of the attack is similar to the 4th of July alert: initially, several exploits are delivered to the user's browser from a script file named ind.php. The names of the socially engineered executables in this attack are iran_occupation.exe and form.exe.
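The two-stage pattern described above (a request for ind.php, then a download of one of the named executables from the same host) can be hunted for in web proxy logs. The following is an added example, not Websense code; the log format, the `triage` function, the verdict labels and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

EXPLOIT_SCRIPT = "ind.php"                              # script name from the alert
LURE_EXECUTABLES = {"iran_occupation.exe", "form.exe"}  # file names from the alert

# Constructed sample lines; assumed format: time client method url status
SAMPLE_LOG = """\
2008-07-09T09:01:12 10.0.0.21 GET http://198.51.100.7/ 200
2008-07-09T09:01:13 10.0.0.21 GET http://198.51.100.7/ind.php 200
2008-07-09T09:01:20 10.0.0.21 GET http://198.51.100.7/iran_occupation.exe 200
2008-07-09T09:02:02 10.0.0.34 GET http://intranet.example/forms/form.exe 200
2008-07-09T09:03:40 10.0.0.55 GET http://203.0.113.9/IND.PHP?x=1 200
2008-07-09T09:04:00 10.0.0.55 GET http://203.0.113.9/Form.exe 404
"""

def basename(url):
    """Lower-cased last path segment, ignoring any query string."""
    return urlsplit(url).path.rsplit("/", 1)[-1].lower()

def triage(log_text):
    """Return (client, host, verdict) tuples in log order."""
    saw_script = set()  # (client, host) pairs that already requested ind.php
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, client, _, url, status = parts
        host = urlsplit(url).hostname
        name = basename(url)
        if name == EXPLOIT_SCRIPT:
            saw_script.add((client, host))
            findings.append((client, host, "exploit-script-request"))
        elif name in LURE_EXECUTABLES:
            if (client, host) not in saw_script:
                verdict = "name-match-only"  # form.exe alone is a common name
            elif status == "200":
                verdict = "download-after-script"
            else:
                verdict = "failed-download-after-script"
            findings.append((client, host, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

Correlating on the client and host pair keeps a legitimate internal form.exe from being treated the same as a download that follows the exploit script.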
Here is a screenshot of the malicious Web site:
Here is a screenshot of the malicious Web site's source:
This discovery is also reported at:
- US-CERT: New Storm Worm Variant Spreading (July 9, 2008 at 09:03 am)
- ZDNet Zero Day: Storm Worm says the U.S have invaded Iran
Websense Messaging and Websense Web Security customers are protected against this attack.