0 Replies Latest reply on Jun 19, 2008 6:07 PM by HarryWaldron

    New Storm Worm - China/Beijing Earthquake Theme

      This one may be coming to our inboxes soon This new variant disquises itself as a news flash to tempt users into selecting a hostile URL with a .cn domain.

      The malware object isbeijing.exe

      McAfee Information (DAT 5321)
      http://vil.nai.com/vil/content/v_140835.htm

      New Storm Worm - China/Beijing Earthquake Theme
      http://www.f-secure.com/weblog/archives/00001457.html
      http://www.sophos.com/security/analyses/viruses-and-spyware/w32nuware.html
      http://www.theregister.co.uk/2008/06/19/bogus_beijing_quake_malware_ruse/

      QUOTE: One of the trademarks of the Storm gang's 18 month lifespan has been that they're very creative and current when it comes to their social engineering techniques, e.g. 1, 2, 3, et cetera. The latest variant is e-mail that arrives to your inbox reporting a violent earthquake in Beijing.

      Samples of the bogus alert doing the rounds, featuring subject lines such as "Million dead in Chinese quake", link to a website on a .cn domain. This site claims a quake measured in at 9.0* on the Richter scale has caused millions of casualties while throwing preparations for the games into turmoil. The page contains links to a supposed video that actually downloads the Nuwar-E worm onto the Windows boxes of marks credulous enough to fall for the ruse.