exe malware spammed under "Missile War" subjects (SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc)

movie.exeやvideo.exe、click here.exe clickme.exe、readme.exe等の拡張子EXEを使っているウイルスが出ているそうです。

If you're still not blocking EXEs on your email gateway, chances are your users are getting flooded by the latest scam at the moment. We're receiving reports of a "movie.exe" 95c563731b7828d6e98eae81ee08869f making the rounds, attached to emails with very "clickable" subject lines like "USA Just Have Started World War III" / "Missle Strike: The USA kills more then 20000 Iranian citizens" / "Israel Just Have Started World War III" / "USA Missile Strike: Iran War just have started".

Filenames "video.exe", "click here.exe", "clickme.exe", "readme.exe" and "read more.exe" are also used,

AV coverage starting to become available, W32/Tibs.ET@mm (Fortinet) Email-Worm.W32.Zhelatin.cq (Kaspersky/F-Secure) W32.Dref.AF (Sophos) Of course also worth mentioning is Symantec, who (likely by sheer luck :) caught it early on, by detecting the packer: Trojan.Packed.13.

2007/04/09 21:15に4.399.00WORM_NUWAR.AOKとして対応