Last Updated: 2007-06-04 21:56:30 UTC ~ "...Password protected zip file as SPAM with the password included in the HTML body of the email...
From: line may show a news organization. However, the actual sources of the email are all over the map (numerous broadband IPs on several continents). Hopefully most people have been trained to not trust the From: line or reply to spammy looking emails by now.
Sample Subject Lines:
Subject: Re: U.S. violent crime up again, more murders, robberies
Subject: Man Awakens From 19-Year Coma
Subject: Law hits Las Vegas ...bands
Several of the samples included body text such as:
Decade Of Mystery: John Ramsey Speaks
Man wakes from 19-year coma in Poland
US vows to pursue hunt for missing soldiers
Password for submitted attachment is xxx
Attachments include names such as "<news organization>-news<digits>.zip". At the moment AV coverage (of the uncompressed file) is spotty..."
June 5, 2007 ~ "...Attachments are password protected Zip archives with random filenames but appear to come from news organizations. The binary inside has the filename v245o.exe and is now detected as Backdoor:W32/Spamuwi.A..."
Edited by apluswebmaster, 05 June 2007 - 11:10 AM.
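
A mail-triage check for the pattern quoted above, added here as an example and not taken from the quoted diary or advisory: it flags a message when a ZIP attachment has its encryption flag set and the body also states a password. The sender address, attachment name, regex and sample message are constructed assumptions; only the body sentence, subject line and `v245o.exe` name come from the post.

```python
import io, re, zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Lure sentence quoted in the post: "Password for submitted attachment is xxx"
PASSWORD_HINT = re.compile(r"password\b[^.\n]{0,60}?\bis\b\s*\S+", re.I)

def encrypted_zip_members(data: bytes) -> list:
    """Names of ZIP members whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def triage(raw: bytes) -> dict:
    """Flag mail that carries an encrypted ZIP and states its password in the body."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    zips = {}
    for part in msg.iter_attachments():
        members = encrypted_zip_members(part.get_payload(decode=True) or b"")
        if members:
            zips[part.get_filename() or "(unnamed)"] = members
    hint = bool(PASSWORD_HINT.search(text))
    return {"encrypted_zips": zips, "password_in_body": hint,
            "suspicious": bool(zips) and hint}

def constructed_sample(encrypted: bool = True) -> bytes:
    """Constructed message: harmless ZIP whose encryption flag is patched by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("v245o.exe", b"placeholder text, not a real binary")
    z = bytearray(buf.getvalue())
    if encrypted:
        z[z.find(b"PK\x01\x02") + 8] |= 0x01  # central-directory flags, bit 0
    msg = EmailMessage()
    msg["From"] = "news@example.com"
    msg["Subject"] = "Man Awakens From 19-Year Coma"
    msg.set_content("<html><body>Password for submitted attachment is xxx"
                    "</body></html>", subtype="html")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip",
                       filename="example-news123.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

Member names stay readable in the central directory of a password-protected ZIP, so the check can also surface an executable name such as `.exe` without knowing the password.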