Storm Worm update: Fake news on World War III

Date: 07.09.2008

Threat Type: Malicious Web Site / Malicious Code

This is an update of our previous alert on the 4th of July Storm Worm outbreak.

Websense® Security Labs™ ThreatSeeker™ Network has discovered yet another peak in Storm Worm's spam campaign. This time the socially-engineered messages announce the start of World War III, indicating that U.S. forces just invaded Iran. The messages offer a video of this alleged recent drama.

Here is a screenshot of sampled spam messages:

The structure of the attack is similar to the 4th of July alert; initially, several exploits are delivered to the user’s browser under a script file named ind.php. The names of the socially-engineered executables in this attack are iran_occupation.exe and form.exe.
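For defenders hunting this pattern in web proxy logs, the following added example (not part of the original alert or any Websense product) flags downloads of the named executables and raises severity when the same client fetched ind.php from the same host shortly before. The log format, the 10-minute window, the same-host correlation, and all sample lines and addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Filenames named in the alert.
LANDING = "ind.php"
PAYLOADS = {"iran_occupation.exe", "form.exe"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Assumed log format: ISO timestamp, client IP, method, full URL (time-ordered).
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) https?://([^/\s]+)(/\S*)?$")

# Constructed sample log; addresses are documentation ranges.
SAMPLE_LOG = """\
2008-07-09T10:00:01 10.0.0.5 GET http://203.0.113.7/ind.php
2008-07-09T10:00:09 10.0.0.5 GET http://203.0.113.7/iran_occupation.exe
2008-07-09T10:02:00 10.0.0.8 GET http://intranet.example/tools/form.exe
2008-07-09T10:05:00 10.0.0.9 GET http://198.51.100.4/IND.PHP?x=1
2008-07-09T11:30:00 10.0.0.9 GET http://198.51.100.4/form.exe
not a log line
"""

def basename(path):
    # Drop query string and fragment, keep the last path segment, lowercase it.
    return re.split(r"[?#]", path or "/")[0].rsplit("/", 1)[-1].lower()

def find_hits(log_text):
    landing_seen = defaultdict(list)  # (client, host) -> landing-page timestamps
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts_raw, client, _method, host, path = m.groups()
        ts = datetime.fromisoformat(ts_raw)
        key = (client, host.lower())
        name = basename(path)
        if name == LANDING:
            landing_seen[key].append(ts)
        elif name in PAYLOADS:
            # "high" only if the landing script preceded the download in the window;
            # a lone form.exe is a common filename and stays "low".
            chained = any(timedelta(0) <= ts - t <= WINDOW for t in landing_seen[key])
            findings.append((client, key[1], name, "high" if chained else "low"))
    return findings
```
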

Here is a screenshot of the malicious Web site:

Here is a screenshot of the malicious Web site's source:

This discovery is also reported at:


Websense Messaging and Websense Web Security customers are protected against this attack.