Farelf Posted April 25, 2007

The subject was Worm detected! and sure enough, as advertized, a worm was enclosed (in removal-77320.rar, truncated in the foregoing). Well, I thought it was worth a sardonic grin.

Malicious worm detected! No, really! says Trend Micro - naming it (or a near relative) WORM_NUWAR.AOP. Of the 31 AV apps at Virus Total, only McAfee found anything (W32/Nuwar[at]MM!rar) in the base64 encoded form in which it was transmitted. NAV found nothing.

"My" version, size and hashes:

size: 68481
md5.: 7dc509c2785c7e28623c3f4a348f8907
sha1: e43c3c52a9e068261aa1317dfb68d1a96e6c886d

Quite an unconvincing effort really - the little gif before the payload is in Courier font (faux plain text) with the following sage advice:

Dear Customer,

Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files and stop email sending, otherwise your account will be blocked.

We archived the patch because the worm can modify unpacked exe files. You have to open archive file, enter password and run patch immediately.

Password: top01

Customer Support Center Robot.

Customer? Spelling? Grammar? I'm sure they'll get better. Then they just have to convince us to open files from people of whom we've never heard. And they imagine a good proportion of us would either not see the notice was an image or fail to recognize the significance if we did see. How lame. Yet some fall for it, apparently.
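An added example, not part of the original post: a mail-triage check for the lure structure described above (the notice is an image rather than text, and an archive is attached). It decodes each archive attachment from its base64 transfer encoding and reports size, MD5 and SHA-1 of the decoded bytes for lookup. The sample message, its file names and the function name triage are constructed for illustration.

```python
import hashlib
from email import message_from_string, policy

ARCHIVE_EXT = (".rar", ".zip", ".7z")

# Constructed sample (not the real worm mail): image-only body plus an archive.
SAMPLE = """\
From: support@example.invalid
Subject: Worm detected!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: image/gif; name="notice.gif"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="notice.gif"

R0lGODlhAQABAAAAACw=
--b1
Content-Type: application/octet-stream; name="removal-00000.rar"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="removal-00000.rar"

UmFyIRoHAGNvbnN0cnVjdGVk
--b1--
"""

def triage(raw):
    """Flag image-only messages carrying an archive; hash the decoded archive."""
    msg = message_from_string(raw, policy=policy.default)
    text_chars, images, archives = 0, 0, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if name.endswith(ARCHIVE_EXT):
            data = part.get_payload(decode=True)  # undo the base64 transfer encoding
            archives.append({"name": name, "size": len(data),
                             "md5": hashlib.md5(data).hexdigest(),
                             "sha1": hashlib.sha1(data).hexdigest()})
        elif ctype.startswith("image/"):
            images += 1
        elif ctype.startswith("text/"):
            text_chars += len(part.get_content().strip())
    # Lure shape: archive attached, at least one image, no readable text at all.
    lure = bool(archives) and images > 0 and text_chars == 0
    return {"image_only_lure": lure, "archives": archives}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because the instructions and the password sit inside the image, keyword filters on the message text see nothing; the structural check does not depend on reading them.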
Wazoo Posted April 25, 2007

Yep .. this ploy has been around for years. Typically, they come 'directly from Microsoft' though, so as to sound even more 'official' ....
dra007 Posted April 26, 2007

The latest such ploy simply appeared as a clickable gif with MS Vista logo...
Farelf (Author) Posted April 26, 2007

Then there's this to look forward to -

Storm Worm marries malware and spam

Spammers have decided to kill two birds with one spam: The stock-touting e-mail messages regularly sent out by spam-focused bot nets have started to include links to malicious code, according to a report published Wednesday by e-mail security firm MessageLabs.

The criminal groups responsible for the spam appear to believe that recipients of the e-mail may click on a Web link, even if they don't buy the stock touted by the e-mail message. In the past 10 days, MessageLabs has only detected about 3,500 of the messages, so the spammers may be testing the waters to see how often the scam works, said Mark Sunner, chief technology officer for the company. ...