Exe Malware Spammed Under "missile War" Subjects



#1 quietman7

Posted 09 April 2007 - 07:48 AM

A large amount of malicious email has been sent with subjects suggesting a missile strike on civilian targets in Iran:

"USA Just Have Started World War III"
"Missle Strike: The USA kills more then 20000 Iranian citizens"
"Israel Just Have Started World War III"
"USA Missile Strike: Iran War just have started"

A malicious executable named "video.exe", "movie.exe", etc. is attached...

http://www.f-secure.com/weblog/archives/ar...7.html#00001164
http://isc.sans.org/diary.html?storyid=2586
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



#2 harrywaldron

Posted 09 April 2007 - 08:49 AM

Nuwar Mass Mailer - Avoid Missile Strike/Political emails

This new mass mailer email worm is circulating extensively and is a sophisticated attack (includes rootkit, downloading of additional malware agents, and setting up its own network of infected users). I have seen a few copies in my personal email, so this new attack is out there and is being circulated extensively.

Some links include:

ISC: Avoid Missile Strike/War Themed emails
http://isc.sans.org/diary.html?storyid=2586

McAfee: Nuwar Variant - DAT 5005 offers best protection
http://vil.nai.com/vil/content/v_140835.htm

Trend Micro: WORM_NUWAR.AOK
http://www.trendmicro.com/vinfo/virusencyc...AOK&VSect=T

F-Secure: Zhelatin.CQ
http://www.f-secure.com/v-descs/email-worm...elatin_cq.shtml

W32.Mixor.AR
http://www.symantec.com/enterprise/securit...-99&tabid=2

Sophos - W32/Dref-AF
http://www.sophos.com/security/analyses/w32drefaf.html

MAIL TO BLOCK OR AVOID:

Subject:
Iran Just Have Started World War III
Israel Just Have Started World War III
Missle Strike: The USA kills more then 1000 Iranian citizens
Missle Strike: The USA kills more then 10000 Iranian citizens
Missle Strike: The USA kills more then 20000 Iranian citizens
USA Declares War on Iran
USA Just Have Started World War III
USA Missle Strike: Iran War just have started


Message body: {blank}

Attachment:
Click Here.exe
Click Me.exe
More.exe
Movie.exe
News.exe
Read Me.exe
Read More.exe
Video.exe
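
The block list above, expressed as a mail-filter check. This is an added example, not part of the original post; the function names and the quarantine policy (a subject or attachment match is enough, a blank body only corroborates) are assumptions, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage

def _norm(value):
    # Collapse whitespace and ignore case so trivial variations still match.
    return re.sub(r"\s+", " ", str(value or "")).strip().casefold()

# Indicators copied verbatim from the post above, misspellings included.
SUBJECTS = {_norm(s) for s in (
    "Iran Just Have Started World War III",
    "Israel Just Have Started World War III",
    "Missle Strike: The USA kills more then 1000 Iranian citizens",
    "Missle Strike: The USA kills more then 10000 Iranian citizens",
    "Missle Strike: The USA kills more then 20000 Iranian citizens",
    "USA Declares War on Iran",
    "USA Just Have Started World War III",
    "USA Missle Strike: Iran War just have started",
)}
ATTACHMENTS = {_norm(a) for a in (
    "Click Here.exe", "Click Me.exe", "More.exe", "Movie.exe",
    "News.exe", "Read Me.exe", "Read More.exe", "Video.exe")}

def match_indicators(msg):
    """Return which of the listed indicators a parsed message matches."""
    hits = set()
    if _norm(msg["Subject"]) in SUBJECTS:
        hits.add("subject")
    body_blank = True
    for part in msg.walk():  # multipart containers fall through both tests
        name = part.get_filename()
        if name and _norm(name) in ATTACHMENTS:
            hits.add("attachment")
        elif not name and part.get_content_maintype() == "text":
            if (part.get_payload(decode=True) or b"").strip():
                body_blank = False
    return hits | ({"blank-body"} if body_blank else set())

def should_quarantine(msg):
    # Assumed policy: a blank body alone is too common to act on.
    return bool(match_indicators(msg) & {"subject", "attachment"})

def build_sample(subject, body, attachment=None):
    # Constructed test message; the attachment bytes are a harmless placeholder.
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg
```

Exact-match lists like this only catch the wave described in the post; the vendor write-ups linked above track the variants.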



#3 RELOADED

Posted 10 April 2007 - 04:44 AM

Thanks for the article to avoid this malware spammed "missile war" :thumbsup:
No goal is worthy of our time and effort if all we are going to get out of it is an end result.
If I have been helping you and I don't reply within 48 hours, please shoot me a PM. Thanks.



