Spam Circulates With Fake Video of U.S.-Iran Strikes

A spam ran over the weekend that sent out file attachments depicting video shots of a fake missile attack by the U.S. on Iran. If recipients opened the attachment they would unwarily download the notorious "Storm Trojan", said anti-virus vendors on April 9, 2007. Linuxworld published it.

These spammers aim to clog malware onto systems to make criminal gain. Symantec observed they were employing a social engineering technique based on a possible beginning of a broader war.

The unsolicited junk e-mail comes with provocative subject titles such as 'Missile Strike: The USA kills more than 20,000 Iranian citizens'/ 'USA Just Have Started World War III'/ 'USA Missile Strike: Iran war just have started'/ 'Israel Just Have Started World War III'. The e-mails to date have shown empty e-mail body with the file attachments with various names like 'movie.exe', 'video.exe', 'clickme.exe', 'click here.exe', 'readme.exe' and 'read more.exe', said John McDonald, researcher at Symantec in an advisory. Securitypronews published the advisory on April 9, 2007.

There's nothing new in the threats that the spam imposes, said McDonald on Symantec's blog of its security response team. He said they were just slight variants of W32.Mixor and Trojan.Peacomm that have been rearranged to try and avoid current detection tools, and they have been successful so far. The executable file in the war terror spam is really a worm that installs both the Trojans. People who carelessly run the executable will inject a bulk mailing program and also a rootkit into their computer system.

'Peacomm' also called 'Zhelatin' and 'Storm Worm' was spreading most widely during these few days among other malware items, as per data from MessageLabs. It constituted 32% of all malware in worldwide distribution. Peacomm Trojan stands out prominently as it was the highest malware attack since mid-2005 that had earlier made a surge in January-February.

The spam is new as it contrasts with previous spam that lured recipients with romantic titles such for Valentine's Day. The malicious Trojan has been spreading through blogs and instant messaging apart from e-mail. This particular spam not only harms the systems but also generates terror among the users.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 4/17/2007