Iraq News Email Scam

Date:08.04.2005

Threat Type: Malicious Website / Malicious Code

Websense Security Labs™ has received multiple reports of new email scam which attempts to lure users into visiting a malicious website. The message displays a short excerpt from an Associated Press story and then provides a link to read the rest of the story. If the link is followed, the malicious website displays a slightly modified version of the full story. Immediately after the website has loaded, encoded JavaScript embedded in the page attempts to compromise the workstation with two HTML Help exploits.

In the event that either of the exploits are successful, a Trojan downloader is placed on the workstation. The Trojan begins downloading a second malicious file, which is also a Trojan. The second Trojan has backdoor functionality that gives the attacker complete control of the workstation.

The first website involved in the attack is hosted in China, the second is in Russia. Both were online at the time of this alert.

Sample email text:

14 US Marines Killed in Iraq Bombing

Guardian Unlimited

By ROBERT H. REID. BAGHDAD, Iraq (AP) - 40 minutes ago.

14 US Marines were killed when a huge bomb destroyed their lightly armored vehicle,
hurling it into the air in a giant fireball in the deadliest roadside bombing
suffered by American forces in the Iraq war

Read more... <URL Removed>

Sample site screenshot: