Recent e-mails stating that the U.S. has already attacked Iran and, in some cases, also offering links to a video purportedly from a soldier, are not to be believed, according to Websense. The security vendor said in an advisory Wednesday that it has linked the provocative e-mails to the Storm worm.
Storm got its name because it first took advantage of a huge winter storm in Northern Europe in early 2007. Since then, it has used a variety of social engineering tricks, including the use of political themes, to get unsuspecting users to open its malicious payload.
This time Storm is offering form.exe and iran_occupation.exe as executable payloads.
Acording to Dancho Danchev over at ZDNet, the latest iteration of Storm appears to be using the following domains:
- statenewsworld . com
- morenewsonline . com
- dailydotnews . com
- dotdailynews . com
- newsworldnow . com