A new blended threat outbreak started yesterday whose subject lines and contents are strangely reminiscent of the first “Storm” outbreak, which created outlandish headlines to socially engineer people to open the malware. In this case, the headlines are more topical to today, including:
- Private investigation report on your colleague
- Iran announces completion of nuclear weapon
- Afghan captial in mourning
- India makes first nuclear bomb
- Sony stocks dips as president dies
- Bill Gates and family held and robbed in family home
- Bomb scare in JFK causes delays
There are also some celebrity and movie-related themes, such as:
- The loves of mini-me
- Nicole Kidman bedroom pics revealed
The malware files have been placed on legitimate (but compromised) web sites, demonstrating the need for web security solutions to analyze the full depth of the web site, and not just block or allow by domain. Since in these cases, the domains are all legitimate web sites.
Clicking on the link forces an automatic download of watch.exe, a malware executable file.
It seems the “randomize” function was tuned a bit too high however, since in most cases the subject line and the contents do not match. For example, in one message where the subject was “Bill Gates and family held and robbed in family home” the content of the message said “Obama and party feared dead in plane crash.” So… which is it?