
Malicious code preys on fear of war

BitDefender UK : 10 July, 2008  (Technical Article)
Spam claiming the start of hostilities in the Middle East feeds on fear of further conflict and installs malicious code on the user's computer
BitDefender researchers have identified a new wave of spam messages that uses a spoof news report announcing an alleged US Army attack on Iran to trick users into downloading and installing malicious software onto their personal computers.

The webpage hosting the piece of malware - dailydotnews - is a simple, yet efficiently designed site with a top banner, a simple picture masquerading as a YouTube player and three lines of text detailing the US operation in Iran. This spam approach is used on a large scale, as the spammer relies on a catchy heading and a link to the piece of malware to fuel users' curiosity and trick them into downloading it.

"The new spam wave relies on computer users' curiosity regarding the conflict between the United States and Iran. Users are redirected to a fake news website, where they are shown a larger, inciting description accompanied by a movie player," said Andra Miloiu, BitDefender Spam Analyst. "However, the alleged flash movie is an image depicting a movie player; when clicked, the image gives users a 'Save image as' option."

Upon clicking on either the "movie" or the top banner, the user starts the download of a malicious binary called "iran_occupation.exe." The file contains the same malicious code, which infects the user with the Storm Worm. The authors have used timing to their advantage, as the recent tensions in the Middle East between the US and Iran have been escalating.

On the social side, the spam wave targets increasingly worried US citizens looking for fresh news about Iran's threat to burn Tel Aviv down in response to possible US attacks on its nuclear facilities.

BitDefender antivirus currently filters and detects both the spam message and the malicious "iran_occupation.exe" binary as infected with Trojan.Peed.PM.