Spammers Spread Trojan that Drops Message of World War III

Security Specialists at Sophos have issued a warning that several spam mails carrying subject lines - '20,000 US Soldiers in Iran', 'US Army crossed Iran's borders' and 'Third World War has begun' have been seized.

These e-mails carry links pointing to a malware-laden Web page that displays a video apparently showing a nuclear blast like a mushrooming cloud.

The page has a text message, which says the US Air Force and the US Army's Delta Force have invaded Iran and about 20,000 soldiers have crossed the Iranian border where they broke down Iran's Army resistance. The message then asks the visitor to click on the video to watch the initial minutes of the beginning of World War III.

However, Sophos Specialists warned that those who might visit the page and click on the video could be at risk of being infected by a Trojan designed to hijack their computer. Sophos found that the malware was concealed in the fake video as Troj/Tibs-UO and a vicious JavaScript was concealed within the web pages of the site as Mal/ObfJS-AY.

According to Graham Cluley, Senior Technology Consultant at Sophos, receiving or opening e-mails does not lead to infection, but following the link in them or attempting to watch the video is definitely harmful, as reported by contractoruk on July 10, 2008.

In an another statement, Cluley further said that hackers are exploiting people's inclination to get breaking news through the Internet. People, particularly those who have their loved ones stationed in the Middle East, might haste to see the movie, disregarding all common sense. Therefore, Cluley added that people should regularly update their anti-virus security and should not open links in uninvited e-mails, as reported by vnunet on July 9, 2008.

Furthermore, according to Sophos, such instances of hackers exploiting news about rising tensions between Iran and the West have occurred earlier too. In 2005, a spam link pointed to controversial news about Iran continuing its nuclear plant work, but in fact dropped a Trojan. In 2007, the Cycle worm spread as it informed about the European governments' support to Tehran engaged in war with Iraq.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 7/23/2008