Storm continues as USA declares war on Iran

Is it "The beginning of World War III" as news breaks that the "US Army crossed Iran's borders" and there are now "20000 US Soldiers in Iran" which in effect means "USA declares war on Iran" as a number of reports are suggesting?

It was security vendor McAfee which first christened the Storm worm Nuwar as a result of the "Nuclear WAR in USA!" subject line of the emails that distributed it when it first appeared. After many other variations on many other themes, it seems that the war scaremongering strategy is firmly back on the malware agenda.

McAfee Avert Labs is reporting an escalation in the exploitation of political tensions between the US and Iran, with email subject lines being used to entice people to bait pages containing a video report that shows the start of World War III.

Well, it says it does. What it actually does is kick off a download of a file called iran_occupation.exe which in turn infects your machine with the Storm worm.

McAfee reports that the Storm bait pages are currently being hosted on a number of fast-flux domains to add authenticity to the news reports and lure the unsuspecting into viewing the video.

These domains include:

  • dailydotnews[dot]com
  • dotdailynews[dot]com
  • morenewsonline[dot]com
  • newsworldnow[dot]com
  • statenewsworld[dot]com

The .com part of each domain has been protected above in an attempt to prevent the inherently stupid from cut and paste browsing to go take a look. I seriously suggest you do not do this, as the domains host a veritable cocktail of exploits that will attempt to infect all but the most strongly fortified of computers.

McAfee has provided the details of those domains for the benefit of "administrators to take pro-active measures and block access to the rogue domains."
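One way an administrator could act on that list, shown as an added example that is not from McAfee or the original article: because fast-flux domains keep changing the IP addresses they resolve to, the check matches on hostname (including subdomains) rather than on IP. The proxy log format and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Defanged indicators exactly as listed in the article; kept defanged in source.
DEFANGED = [
    "dailydotnews[dot]com",
    "dotdailynews[dot]com",
    "morenewsonline[dot]com",
    "newsworldnow[dot]com",
    "statenewsworld[dot]com",
]

def refang(indicator):
    """Turn 'name[dot]com' into a lower-case hostname, in memory only."""
    return indicator.strip().lower().replace("[dot]", ".").rstrip(".")

BLOCKED = {refang(d) for d in DEFANGED}

def is_blocked(host):
    """True if host is a listed domain or any subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole labels, so a lookalike with extra leading text does not match.
    return any(".".join(labels[i:]) in BLOCKED for i in range(len(labels)))

def flag_requests(log_lines):
    """Return (client, url) hits; assumed (hypothetical) format: '<ip> <method> <url>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _method, url = parts
        if is_blocked(urlsplit(url).hostname or ""):
            hits.append((client, url))
    return hits

def sample_log():
    """Constructed proxy log lines; hostnames are built from the list above."""
    bad = refang(DEFANGED[0])
    return [
        f"10.0.0.5 GET http://www.{bad}/",
        f"10.0.0.6 GET http://{bad.upper()}./iran_occupation.exe",
        f"10.0.0.7 GET http://not{bad}/",           # lookalike, not listed
        f"10.0.0.8 GET http://{bad}.example.org/",  # listed name as a prefix only
        "10.0.0.9 GET https://example.org/news",
    ]

if __name__ == "__main__":
    for client, url in flag_requests(sample_log()):
        print(client, url)
```

Only the first two constructed requests are flagged; the lookalike host and the host that merely starts with a listed name are left alone.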
