Exe Malware Spammed Under "missile War" Subjects

BleepingComputer.com: Exe Malware Spammed Under "missile War" Subjects

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

Exe Malware Spammed Under "missile War" Subjects

#1 quietman7

Bleepin' Janitor

Group: Global Moderator
Posts: 25,111
Joined: 09-July 05
Location:Virginia, USA

Posted 09 April 2007 - 07:48 AM

Quote

A large amount of malicious email has been sent with subjects suggesting a missile strike to civilian targents in Iran:

"USA Just Have Started World War III"
"Missle Strike: The USA kills more then 20000 Iranian citizens"
"Israel Just Have Started World War III"
"USA Missile Strike: Iran War just have started"

A malicious executable with "video.exe", "movie.exe" etc. is attached...

http://www.f-secure.com/weblog/archives/ar...7.html#00001164
http://isc.sans.org/diary.html?storyid=2586

Microsoft MVP - Consumer Security 2007-2012

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#2 harrywaldron

Security Reporter

Group: Members
Posts: 509
Joined: 10-April 04
Gender:Male
Location:Roanoke, Virginia

Posted 09 April 2007 - 08:49 AM

Nuwar Mass Mailer - Avoid Missile Strike/Political emails

This new mass mailer email worm is circulating extensively and is a sophisticated attack (includes rootkit, downloading of additional malware agents, and setting up it's own network of infected users). I have seen a few copies in my personal email, so this new attack is out there and is being circulated extensively.

Some links include:

ISC: Avoid Missile Strike/War Themed emails
http://isc.sans.org/diary.html?storyid=2586

McAfee: Nuwar Variant - DAT 5005 offers best protection
http://vil.nai.com/vil/content/v_140835.htm

Trend Micro: WORM_NUWAR.AOK
http://www.trendmicro.com/vinfo/virusencyc...AOK&VSect=T

F-Secure: Zhelatin.CQ
http://www.f-secure.com/v-descs/email-worm...elatin_cq.shtml

W32.Mixor.AR
http://www.symantec.com/enterprise/securit...-99&tabid=2

Sophos - W32/Dref-AF
http://www.sophos.com/security/analyses/w32drefaf.html

Quote

MAIL TO BLOCK OR AVOID:

Subject:
• Iran Just Have Started World War III
• Israel Just Have Started World War III
• Missle Strike: The USA kills more then 1000 Iranian citizens
• Missle Strike: The USA kills more then 10000 Iranian citizens
• Missle Strike: The USA kills more then 20000 Iranian citizens
• USA Declares War on Iran
• USA Just Have Started World War III
• USA Missle Strike: Iran War just have started

Message body: {blank}

Attachment:
• Click Here.exe
• Click Me.exe
• More.exe
• Movie.exe
• News.exe
• Read Me.exe
• Read More.exe
• Video.exe

Microsoft Security Journal

#3 RELOADED

Senior Member

Group: Members
Posts: 476
Joined: 16-February 07
Gender:Male
Location:Bahrain - East Riffa

Posted 10 April 2007 - 04:44 AM

Thanks for the article to avoid this malware spammed "missile war" :thumbsup:

No goal is worthy of our time and effort if all we are going to get out of it is an end result.
If I have been helping you and I don't reply within 48 hours, please shoot me a PM. Thanks.

BleepingComputer.com: Exe Malware Spammed Under "missile War" Subjects