Israel-Gaza Conflict Spam Leads to Malware



Israel-Gaza Conflict Spam Leads to Malware

by Nino Peloniar (Anti-spam Research Engineer)

"Another malware attack is circulating in the wild today, especially through email. It arrives via bogus email which claims to be from CNN news. The email purports to contain news about Israel’s bombardment of Gaza. It also contains a link to the graphic video of Al Jazeera English Report about the news. The subject and the sender's name vary in every mail.

When the victim clicks on the link, it will open a fake CNN webpage:

If the victim clicks on the video “click to play” icon, an error message pops up:

Adobe_Player10.exe is detected by Trend Micro as TROJ_DLOADR.QK. Upon execution, TROJ_DLOADR.QK connects to another URL, which on the other hand, is detected as TROJ_INJECT.ZZ.

TROJ_INJECT.ZZ is an info-stealer that logs keystrokes and launches a sniffer to retrieve passwords from network packets. It then uploads the gathered data to several URLs. It also drops a rootkit component detected as TROJ_ROOTKIT.FX.

Aside from all malicious files being detected, such malware-bringing spam messages are already blocked through the Trend Micro Smart Protection Network."

Story & screenshots: http://blog.trendmicro.com/


Thanks for this information - I think I will have to look into most of these, as they seem to change so FAST - luckily, my training has changed as necessary to deal with these nasty things :)

Brian
