Davey Winder
Thursday, 10 July 2008 16:51
Your IT -
Home IT
Page 1 of 2
Is it "The beginning of World War III" as news breaks that the "US Army crossed Iran's borders" and there are now "20000 US Soldiers in Iran" which in effect means "USA declares war on Iran" as a number of reports are suggesting?
It was security vendor McAfee which first christened the Storm worm
Nuwar as a result of the "Nuclear WAR in USA!" subject line of the
emails that distributed it when it first appeared. After many other
variations on many other themes, it seems that the war scare mongering
strategy is firmly back on the malware agenda.
The
McAfee Avert Labs are reporting an
escalation in exploitation of political tensions between the US and
Iran being used in email subject lines to entice people to bait pages
containing a video report that shows the start of World Ward III.
Well, it says it does. What it actually does is kick off a download of
a file called iran_occupation.exe which in turn infects your machine
with the Storm worm.
McAfee reports that the Storm bait pages are currently being hosted on
a number of fast-flux domains to add authenticity to the news reports
and lure the unsuspecting into viewing the video.
These domains include:
-
dailydotnews[dot]com
-
dotdailynews[dot]com
-
morenewsonline[dot]com
-
newsworldnow[dot]com
-
statenewsworld[dot]com
The .com part of each domain has been protected above in an attempt to
prevent the inherently stupid from cut and paste browsing to go take a
look. I seriously suggest you do not do this as the domains host a
veritable cocktails of exploits that will attempt to infect all but the
most strongly fortified of computers.
McAfee has provided the details of those domains for the benefit of
"administrators to take pro-active measures and block access to the
rouge domains."
How does Nuwar lure people into clicking on that video clip? Find out on the next page...
CONTINUES
LATEST HEADLINES FROM YOUR IT
