7/11/2008: Warning: Malicious Software downloaded when researching US
attack on Iran:

BitDefender researchers have identified a new
wave of spam messages that announce an alleged attack of the US Army
against Iranin order to trick users into downloading and installing
malicious software onto their personal computers.

The webpage hosting the piece of malware - dailydotnews.com - is a
simple, yet efficiently designed site with a top banner, a simple
picture masquerading a YouTube player and three lines of text
detailing
the US operation in Iran. This spam approach is used on large scale as
the spammer relies on a catchy heading and a link to the piece of
malware in order to fuel users' curiosity and trick them into
downloading the piece of malware.

"The new spam wave relies on computer users' curiosity regarding the
conflict between the United States and Iran. Users are redirected to a
fake news website, where they are shown a larger, inciting description
accompanied by a movie player," said Andra Miloiu, BitDefender Spam
Analyst. "However, the alleged flash movie is an image depicting a
movie player; when clicked, the image gives users a Save image as'
option."

Upon clicking on either the "movie" or the top banner, the user starts
the download process of a binary piece of malware, called
"iran_occupation.exe." The file contains the same malicious code
infecting the user with the Storm Worm. The authors have used timing
as
their advantage, as the recent tensions in the Middle East between the
US and Iran have been escalating.

On the social side, the spam wave is targeting the increasingly
worried
US citizens looking for fresh news on Iran threatening to burn Tel
Aviv
down in response to possible US attacks on its nuclear facilities.

The BitDefender antivirus is currently filtering and detecting that
both the spam message and the malicious code, "iran_occupation.exe"
binary, are infected with Trojan.Peed.PM.
Source: Intel News Brief via M2 PressWIRE-Internal Company News Wire-
TCMnet