Real News with Real Malware
The latest malware spam run is using gripping news headlines as email subjects to hook unsuspecting victims. While this is nothing new, the use of actual news headlines makes the messages harder to recognise as malicious.
The SPAM From: line may show a news organization. However, the actual sources of the email are all over the map (numerous broadband IPs on several continents). Hopefully most people have been trained by now not to trust the From: line or to reply to spammy-looking emails.
SANS ISC reports that the following have been used as subject lines:
Re: U.S. violent crime up again, more murders, robberies
Man Awakens From 19-Year Coma
Law hits Las Vegas 'fake' bands
Also, body text may include any of the following:
Decade Of Mystery: John Ramsey Speaks
Man wakes from 19-year coma in Poland
US vows to pursue hunt for missing soldiers
Password for submitted attachment is xxx
Attachments are password-protected Zip archives with random filenames that appear to come from news organizations; because the archive is encrypted, a gateway scanner cannot inspect the contents without the password given in the body. The binary inside has the filename v245o.exe and is now detected as Backdoor:W32/Spamuwi.A using database update 2007-06-05_01.
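As an added illustration (not code from the original post), the following Python triage rule flags the pattern described here: a ZIP attachment whose entry is marked encrypted and carries an executable name, combined with a "password for submitted attachment" hint in the message body. Listing ZIP entries never requires the password, so the check works at a mail gateway; the sample archive and body text are constructed for the example, reusing the v245o.exe filename from the post.

```python
"""Triage rule for password-protected ZIP spam (constructed example)."""
import io
import re
import zipfile

# Phrase pattern taken from the body text quoted in the post.
PASSWORD_HINT = re.compile(r"password for (the )?(submitted )?attachment", re.I)
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def encrypted_executables(zip_bytes):
    """Return entry names that are both flagged encrypted and executable.

    Bit 0 of the ZIP general-purpose flag marks a traditionally encrypted
    entry; reading the central directory needs no password."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [zi.filename for zi in zf.infolist()
                if zi.flag_bits & 0x1
                and zi.filename.lower().endswith(EXECUTABLE_EXT)]


def triage(body, zip_bytes):
    """Classify a message from its body text and one ZIP attachment."""
    hits = encrypted_executables(zip_bytes)
    hint = bool(PASSWORD_HINT.search(body))
    if hits and hint:
        return ("block", hits)
    if hits or hint:
        return ("suspicious", hits)
    return ("clean", hits)


def build_sample(name="v245o.exe", encrypted=True):
    """Build a constructed ZIP with one entry, optionally flagged encrypted.

    zipfile cannot write encrypted archives, so the flag bit is set by hand
    in the local header (offset 6) and the central directory entry (offset 8).
    The payload is a harmless placeholder, not a real binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"placeholder, not a real binary")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[data.find(b"PK\x03\x04") + 6] |= 0x1
        data[data.find(b"PK\x01\x02") + 8] |= 0x1
    return bytes(data)


if __name__ == "__main__":
    body = "Man wakes from 19-year coma in Poland\nPassword for submitted attachment is xxx"
    print(triage(body, build_sample()))  # → ('block', ['v245o.exe'])
```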