Email This Post Email This Post

US-CERT Says “New Storm Worm Variant Spreading!”

Hear ye, hear ye:

[tag]US-CERT[/tag] has sent the following bulletin warning everyone that Spammers and Hackers are at it again with the “[tag]Storm Worm[/tag]” and this time they’re using news of a fictitious US war with Iran to get you to open their email.

Careful out there!

- The Spam Cryer

US-CERT Current Activity: New Storm Worm Variant Spreading

Original release date: July 9, 2008 at 8:48 am Last revised: July 9, 2008 at 8:48 am

US-CERT has received reports of new Storm Worm activity. The latest activity uses messages that refer to the conflict in the Middle East.

This Trojan is spread via unsolicited email messages that contain a link to a malicious website. The website is noted as having the following malicious characteristics which may be used to infect the user’s system with malicious code.

  • A video that, when opened, may run the executable file “iran_occupation.exe.”
  • A banner add that, when clicked, may run the executable file “form.exe.”
  • A hidden iframe linked to “ind.php.”

Reports, including a posting by Sophos, indicate that the following subject lines are being used. Please note that subject lines can change at any time.

  • 20000 US soldiers in Iran
  • Iran USA conflict developed into war
  • More than 10000 Iranians were murdered
  • Negotiations between USA and Iran ended in War
  • Occupation of Iran
  • Plans for Iran attack began
  • The Iran’s Leader Mahmoud Ahmadinejad declared Jihad to USA
  • The World War III has already begun
  • The begining of The World War III
  • The military operation in Iran has begun
  • The secret war against Iran
  • Third War in Iran
  • Third World War has begun
  • US Army crossed Iran’s borders
  • US Army invaded Iran
  • US army is about 20 kilometers from Tegeran
  • US soldiers occupied Iran
  • USA attacked Iran
  • USA declares war on Iran
  • USA occupeid Iran
  • USA unleashed war on Iran
  • War between USA&Iran
  • War with Iran is the reality now
  • Washington prefers to shoot first

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

  • Install anti-virus software, and keep its virus signature files up-to-date.
  • Do not follow unsolicited web links received in email messages.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Relevant Url(s):

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.sophos.com/security/blog/2008/07/1569.html

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

This entry is available at:

www.us-cert.gov/current/index.html#new_storm_worm_varient_spreading

Entry Filed under: Bulletins,Lead Story

Leave a Comment

Required

Required, hidden


+ 5 = fourteen

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Trackback this post  |  Subscribe to the comments via RSS Feed

Our Author

Shaun Sturby, MCSE Technical Services Manager, and Optrics' point person for email security
Shaun Sturby, MCSE