Hackers Using Middle East Fears To Push Trojan Attack

A new spam campaign is trying to trick people into opening malicious attachments by using subject lines about the United States, Israel, and Iran starting a new war in the Middle East.
Hackers are spamming out e-mails with fraudulent news about a war breaking out in the Middle East involving the United States, Iran, and Israel in an attempt to trick people into downloading Trojans.

Daniel Wesemann, a handler at the Internet Storm Center, reported in the site's online daily diary Sunday that the spam is coming with .exe files attached. The hackers are using social engineering to lure people into opening the e-mails with the malicious attachments by using subject lines about war breaking out or the United States bombing Iran.

Subject lines include: "USA Just Have Started World War III"; "Missile Strike: The USA kills more then 20000 Iranian citizens"; "Israel Just Have Started World War III"; and "USA Missile Strike: Iran War just have started."

The actual e-mail body is blank, but the attachments have names like movie.exe, video.exe, clickhere.exe, and readmore.exe.
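The traits described above, a blank body and an executable attachment, can be checked at the mail gateway without relying on antivirus signatures. The following Python is an added example, not code from the article or from any vendor it cites; the function names, the extension list, and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: the article only mentions .exe; the other extensions are a policy choice.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")

def build_sample(filename="video.exe", content=b"MZ" + b"\x00" * 62) -> bytes:
    """Constructed test message: whitespace-only body plus one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Constructed test subject"
    msg.set_content("\n")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def triage(raw: bytes) -> dict:
    """Flag executable attachments by file name and by the PE 'MZ' magic bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content().strip() if body else ""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        by_name = name.endswith(EXEC_EXTS)
        # Content check catches an executable that was given a harmless-looking name.
        by_magic = payload[:2] == b"MZ"
        if by_name or by_magic:
            hits.append({"name": name, "by_name": by_name, "by_magic": by_magic})
    return {"blank_body": body_text == "",
            "executables": hits,
            "quarantine": bool(hits)}

if __name__ == "__main__":
    print(triage(build_sample()))
    print(triage(build_sample("readmore.txt")))
    print(triage(build_sample("notes.txt", b"meeting notes")))
```

Because the decision rests on attachment type rather than on a malware signature, repacking the payload does not change the result.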

According to John McDonald, a security response engineer at Symantec, the underlying threat -- Trojan.Packed.13 -- is nothing new.

"They are simply minor variants of Trojan.Peacomm and W32.Mixor (named [email protected] in this instance) which have been repacked in an attempt to avoid existing detection, and appear to have been largely successful at that attempt," he wrote on the Symantec blog. "There is never a good time to let your guard down, even during a festive season when goodwill to others should surely be the overriding theme. The more shocking or unbelievable the subject of e-mails such as these, the more the contents should be treated with the suspicion they usually deserve."

Using scare headlines to con users into opening a malicious attachment or clicking on a link that goes to a malicious Web site is nothing new.

Just last week, hackers were trying to con people into going to a Web site that would surreptitiously infect their computers with a .ANI exploit by promising them pictures of a naked Britney Spears. Sophos reported in an advisory that the malicious site contains the Iffy-A Trojan that points to another piece of malware, which contains the zero-day .ANI exploit -- Animoo-L.
