There mustn’t be much going on in the world today as the Nuwar spammers have moved from jumping on real news of natural disasters and current affairs to creating their own fictional events! This high volume spam campaign is using some wacky subjects to lure people into clicking on the links:
Subject: Britney found hanged in locker room
Subject: White House hit by lightning, catches fire
Subject: Oprah found sleeping the streets
Subject: Eiffel Tower damaged by massive earthquake
Subject: Donald Trump missing, feared kidnapped
Subject: Lastest! Obama quits presidential race
This clever social engineering technique plays on peoples inquisitiveness in news of natural disasters and celebrities. The emails also follow the simple format of some text and a link that looks fairly harmless to the uneducated user.
All the links go to a fake pornotube page hosted on legitimate sites that have been hacked. If you click on the video (that’s actually just an image) it tries to download a .exe file. This is detected as BackDoor-DNM and the spam is also currently detected with our Anti-Spam products.
So it goes without saying.. NEVER click on links in an email unless you are sure of its origin, keep your Anti-Virus software up-to-date and if you have a website make sure its properly secured so you’re not hosting stuff like this.
June 20th, 2008 at 10:43 am
[…] last one would have been by favourite, but for the McAfee blog which lists a number of others including: White House hit by lightning, catches […]
June 23rd, 2008 at 1:16 am
Hello, thanks for the info.
Would like to ask about Vista Antivirus 2008. All of the sudden, today, I have been told of all these ‘infected’ items that McAfee is not picking up. And now for some reason I can not get rid of Vista Antivirus 2008 creating a pop-up window every few minutes telling me that I am under ‘attack’, and being threatened by the ‘Blaster/Sasser.variant worm’. I have checked the Threat Center and have not found anything with this name. Can you please help me with this problem, and/or lend some insight into how I can deal with this trojan!
R.
June 24th, 2008 at 7:05 am
sir,
This is our problem pls solve this
In our customer site as our customer request when we scan with the mcafee 8.5 (with latest update DAT:5323 Scan Engine:5200)
it is not detect any virus, but when we scanthe same computer with E trust antivires it will detect virus. it’s name is Win32/Armax.I trojan, Win32/Armax.G trojan
but mcafee anti vires did not find above virus
F:\Dictionary\Dictionary .exe - Win32/Armax.I trojan. Deleted.
F:\System\System .exe - Win32/Armax.I trojan. Deleted.
F:\System\DriveGuard\DriveGuard .exe - Win32/Armax.I trojan. Deleted.
pls solve our problem asoon as possible otherwise it will became the best marketing tool for the other antivirus vendors
thank you,
July 19th, 2008 at 12:22 pm
[…] Worm - Uses Fictional Breaking News Alertshttp://www.avertlabs.com/research/blog/index.php/2008/06/20/breaking-news-not/ […]