BleepingComputer.com: Exe Malware Spammed Under "missile War" Subjects

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Exe Malware Spammed Under "missile War" Subjects

#1 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,518
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 09 April 2007 - 07:48 AM

Quote

A large amount of malicious email has been sent with subjects suggesting a missile strike to civilian targents in Iran:

"USA Just Have Started World War III"
"Missle Strike: The USA kills more then 20000 Iranian citizens"
"Israel Just Have Started World War III"
"USA Missile Strike: Iran War just have started"

A malicious executable with "video.exe", "movie.exe" etc. is attached...

http://www.f-secure.com/weblog/archives/ar...7.html#00001164
http://isc.sans.org/diary.html?storyid=2586
Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#2 User is offline   harrywaldron 

  • Security Reporter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 509
  • Joined: 10-April 04
  • Gender:Male
  • Location:Roanoke, Virginia

  Posted 09 April 2007 - 08:49 AM

Nuwar Mass Mailer - Avoid Missile Strike/Political emails

This new mass mailer email worm is circulating extensively and is a sophisticated attack (includes rootkit, downloading of additional malware agents, and setting up it's own network of infected users). I have seen a few copies in my personal email, so this new attack is out there and is being circulated extensively.

Some links include:

ISC: Avoid Missile Strike/War Themed emails
http://isc.sans.org/diary.html?storyid=2586

McAfee: Nuwar Variant - DAT 5005 offers best protection
http://vil.nai.com/vil/content/v_140835.htm

Trend Micro: WORM_NUWAR.AOK
http://www.trendmicro.com/vinfo/virusencyc...AOK&VSect=T

F-Secure: Zhelatin.CQ
http://www.f-secure.com/v-descs/email-worm...elatin_cq.shtml

W32.Mixor.AR
http://www.symantec.com/enterprise/securit...-99&tabid=2

Sophos - W32/Dref-AF
http://www.sophos.com/security/analyses/w32drefaf.html

Quote

MAIL TO BLOCK OR AVOID:

Subject:
• Iran Just Have Started World War III
• Israel Just Have Started World War III
• Missle Strike: The USA kills more then 1000 Iranian citizens
• Missle Strike: The USA kills more then 10000 Iranian citizens
• Missle Strike: The USA kills more then 20000 Iranian citizens
• USA Declares War on Iran
• USA Just Have Started World War III
• USA Missle Strike: Iran War just have started

Message body: {blank}

Attachment:
• Click Here.exe
• Click Me.exe
• More.exe
• Movie.exe
• News.exe
• Read Me.exe
• Read More.exe
• Video.exe

Microsoft Security Journal

#3 User is offline   RELOADED 

  • Senior Member
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 476
  • Joined: 16-February 07
  • Gender:Male
  • Location:Bahrain - East Riffa

Posted 10 April 2007 - 04:44 AM

Thanks for the article to avoid this malware spammed "missile war" :thumbsup:
No goal is worthy of our time and effort if all we are going to get out of it is an end result.
If I have been helping you and I don't reply within 48 hours, please shoot me a PM. Thanks.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users