CudaMail Solutions

Wednesday, July 09, 2008 4:43:08 PM (Mountain Daylight Time, UTC-06:00) (Storm Worm | US-CERT)
Just a heads up that the Storm Worm is up to the same tricks again, with a war theme this time.
As always, watch out for these kinds of tactics.

- Shaun



US-CERT Current Activity: New Storm Worm Variant Spreading

Original release date: July 9, 2008 at 8:48 am
Last revised: July 9, 2008 at 8:48 am

US-CERT has received reports of new Storm Worm activity. The latest activity uses messages that refer to the conflict in the Middle East.

This Trojan is spread via unsolicited email messages that contain a link to a malicious website. The website is noted as having the following malicious characteristics which may be used to infect the user's system with malicious code.
  • A video that, when opened, may run the executable file "iran_occupation.exe."
  • A banner ad that, when clicked, may run the executable file "form.exe."
  • A hidden iframe linked to "ind.php."
Reports, including a posting by Sophos, indicate that the following subject lines are being used. Please note that subject lines can change at any time.
  • 20000 US soldiers in Iran
  • Iran USA conflict developed into war
  • More than 10000 Iranians were murdered
  • Negotiations between USA and Iran ended in War
  • Occupation of Iran
  • Plans for Iran attack began
  • The Iran's Leader Mahmoud Ahmadinejad declared Jihad to USA
  • The World War III has already begun
  • The begining of The World War III
  • The military operation in Iran has begun
  • The secret war against Iran
  • Third War in Iran
  • Third World War has begun
  • US Army crossed Iran's borders
  • US Army invaded Iran
  • US army is about 20 kilometers from Tegeran
  • US soldiers occupied Iran
  • USA attacked Iran
  • USA declares war on Iran
  • USA occupeid Iran
  • USA unleashed war on Iran
  • War between USA&Iran
  • War with Iran is the reality now
  • Washington prefers to shoot first
US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:
  • Install anti-virus software, and keep its virus signature files up-to-date.
  • Do not follow unsolicited web links received in email messages.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.


Relevant URL(s):
http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.sophos.com/security/blog/2008/07/1569.html

http://www.us-cert.gov/reading_room/emailscams_0905.pdf



This entry is available at:

www.us-cert.gov/current/index.html#new_storm_worm_varient_spreading
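
The indicators in the advisory above, turned into a mail-gateway subject check and a web-proxy URL check. This is an added example, not code from US-CERT, Sophos or this blog; the function names and the sample message and URLs are assumptions, while the subject lines and file names are the ones the advisory lists.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from urllib.parse import urlsplit

# Subject lines as listed in the advisory, sender's misspellings kept.
SUBJECTS = [s.strip() for s in """
20000 US soldiers in Iran; Iran USA conflict developed into war;
More than 10000 Iranians were murdered; Negotiations between USA and Iran ended in War;
Occupation of Iran; Plans for Iran attack began;
The Iran's Leader Mahmoud Ahmadinejad declared Jihad to USA;
The World War III has already begun; The begining of The World War III;
The military operation in Iran has begun; The secret war against Iran;
Third War in Iran; Third World War has begun; US Army crossed Iran's borders;
US Army invaded Iran; US army is about 20 kilometers from Tegeran;
US soldiers occupied Iran; USA attacked Iran; USA declares war on Iran;
USA occupeid Iran; USA unleashed war on Iran; War between USA&Iran;
War with Iran is the reality now; Washington prefers to shoot first
""".split(";") if s.strip()]
# File names the advisory ties to the linked site. "form.exe" and "ind.php" are
# generic names, so treat a lone hit on them as a weak signal.
FILES = {"iran_occupation.exe", "form.exe", "ind.php"}

def _norm(text):
    """Casefold, collapse whitespace, drop reply/forward prefixes."""
    text = re.sub(r"\s+", " ", text).strip().casefold()
    return re.sub(r"^((re|fw|fwd): ?)+", "", text)

KNOWN = {_norm(s): s for s in SUBJECTS}

def subject_hit(raw_message):
    """Return the advisory subject line this message uses, or None."""
    msg = message_from_string(raw_message)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))  # RFC 2047
    return KNOWN.get(_norm(subject))

def url_hit(url):
    """Return the advisory file name this URL requests, or None."""
    name = urlsplit(url).path.rsplit("/", 1)[-1].casefold()
    return name if name in FILES else None

# Constructed samples, not real traffic; example.test is a placeholder host.
SAMPLE_MAIL = "From: a@example.test\nSubject: RE:  usa OCCUPEID   iran\n\nbody\n"
SAMPLE_URLS = ["http://example.test/iran_occupation.exe",
               "http://example.test/news/ind.php?x=1",
               "http://example.test/index.php"]

if __name__ == "__main__":
    print(subject_hit(SAMPLE_MAIL))
    print([url_hit(u) for u in SAMPLE_URLS])
```

Because the advisory notes that subject lines can change at any time, an exact-match list like this only catches the wave it was written for and needs updating as new subjects are reported.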



About the author

Shaun Sturby, MCSE
Technical Services Manager, and Optrics' point person for email security

© Copyright 2008, Optrics Inc.