NEWS FROM THE LAB - Tuesday, June 5, 2007

Real News with Real Malware
Posted by Ian @ 04:12 GMT

The latest malware spam run is using gripping news headlines as e-mail subjects to hook unsuspecting victims. While this is nothing new, the use of actual news headlines can make the messages more difficult to recognize as malicious.

SANS ISC reports that the following have been used as subject lines:

   Re: U.S. violent crime up again, more murders, robberies
   Man Awakens From 19-Year Coma
   Law hits Las Vegas 'fake' bands

Also, body text may include any of the following:

   Decade Of Mystery: John Ramsey Speaks
   Man wakes from 19-year coma in Poland
   US vows to pursue hunt for missing soldiers
   Password for submitted attachment is xxx

Attachments are password-protected Zip archives with random filenames but appear to come from news organizations. The binary inside has the filename v245o.exe and is now detected as Backdoor:W32/Spamuwi.A with database update 2007-06-05_01.
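
Messages of this shape can be triaged at the gateway without knowing the password, because with traditional Zip encryption the member names and the per-entry encryption flag remain readable. The following Python is an added example, not code from the original post; the extension list, the password-phrase pattern and the sample message are constructed assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com")  # assumed list of executable extensions
# Assumed pattern, modelled on the body line quoted in the post.
PASSWORD_HINT = re.compile(r"password\s+for\s+.*attachment\s+is\s+\S+", re.I)

def inspect_message(raw: bytes) -> dict:
    """Triage one raw message without needing the archive password."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    found = {"password_in_body": bool(PASSWORD_HINT.search(text)),
             "encrypted_zip": False, "executables": []}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # With traditional Zip encryption the central directory is not
            # encrypted, so names and the encryption flag (bit 0) are readable.
            for info in zf.infolist():
                found["encrypted_zip"] |= bool(info.flag_bits & 0x1)
                if info.filename.lower().endswith(RISKY_EXT):
                    found["executables"].append(info.filename)
    found["suspicious"] = found["encrypted_zip"] and (
        found["password_in_body"] or bool(found["executables"]))
    return found

def build_sample() -> bytes:
    """Constructed sample message; the Zip is marked encrypted by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("v245o.exe", b"placeholder bytes, not a real binary")
    z = bytearray(buf.getvalue())
    z[6] |= 1                           # local header: general-purpose flag bit 0
    z[z.rfind(b"PK\x01\x02") + 8] |= 1  # central directory: same flag
    m = EmailMessage()
    m["Subject"] = "Man Awakens From 19-Year Coma"
    m.set_content("Password for submitted attachment is xxx")
    m.add_attachment(bytes(z), maintype="application", subtype="zip",
                     filename="constructed.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The "suspicious" verdict requires an encrypted archive plus either the password phrase in the body or an executable member name, so ordinary unencrypted Zip attachments are not flagged.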