Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Osama Spam Onslaught Leads to Trojan



 By: Dennis Fisher
2004-04-23
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A persistent new spam campaign that purports to show recipients pictures of Osama bin Laden being captured is in fact a ruse that could lead victims to download a malicious Trojan.

A persistent new spam campaign that purports to show recipients pictures of Osama bin Laden being captured is in fact a ruse that could lead victims to download a malicious Trojan.

The e-mails have been flooding inboxes all over the Internet since Thursday, carrying a subject line that reads: "Osama bin Laden Captured." The sending address is spoofed, and the messages often appear in tightly grouped batches of eight or 10 e-mails at a time. The text of the message is as follows:

Resource Library:
"Just got this from CNN Osama Bin Laden has just been captured! A video and some pictures have been released. Go to the link below for pictures, I will update the page with the video as soon as I can: http://xxx.xxx.xxx.xx/pics/ God Bless America!"

Users who click on the URL in the message are taken to what looks like an ad for Viagra. But the Web page also attempts to exploit a vulnerability in Internet Exlorer to download a file named Exploit.exe, which contains a Trojan called Small.B, according to an analysis of the threat by Panda Software, based in Glendale, Calif.

Once on the users machine, the Trojan opens a random port and sends the port information to a remote Web server. It then listens on that port for instructions. The Trojan can be used for sending spam, according to McAfee Security, a unit of Network Associates Inc., in Santa Clara, Calif.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis. Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:  



  Reader Comments: Osama Spam Onslaught Leads to Trojan
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Dennis Fisher
 


x}rȲvļC gXmЁmx ݞ B4$ls%ύ}}ͬ*}`{zmw UU%\XH7' J3k4p{>Y"IͽW^{7md|2u|h0\[RVG#jѨQ'iyyZ({j" KTLFZMh ueur}m2 fEkN}>B%I{z 62 %I~%ϲ|GZ>A~ez_dhy53ՙ&B>&|k4 (aGеe #B=..Q5^t61v45,b'(cO^o aE ^#a ٳ^G kb~'"ScO$֡%NIUA`:Q?D@]2,R,R͌ՙn@wTGWC⪦RGzeCG{ P0H hU7 [ Q+ŰG ?1tG$oaC'Lˤ"'%5]v7q9:&s؟zB%NPE ?q{ѓFT-GL:nd/Dzr#k3f]ΤwR.j|X-U򥣺FTyxx=zp ݜ?8YvNfoFzR(Gλ ? n04Th;Lm9#M=kyؼ}  eu+5UE`RY\/ G ,ֳP uN.kzQZ-_ |^(]ju--bݥ0Cƌ_8(J>U}s}I}>G,[3sAV  2CTZ3uU5m{#r9m>ZsِF`B{queZr&cs'^ěǙAXC9CM0uגjd 3|=nߟ\tNIF,ȯB5d}!s37#R(y7ʰn.G\}DpFdƩ$|ͺzN ԎcLo4z!0JD=SfM52,eg:05@M)71F v!fB9~!_:Q _Z9_B؇BT~nі/)E7r>eoF" QXB(&pHqbCǪ{$wsY  |qq^oVW͉:]X]uUjZnYRޞcy>#U.۽^m8^$g 5? ,ieݴ%!8W%MBrޛUPTbH@8ʍ771B imGt /㛹7`h;uFՙ]Ycf$}t>AEATiCŤh4鞪MurӇtt@.> ǵރМoH !pň3ڍLLt_#wC۠h&;T ]]wL29iԛuM%1t@μ's,`bxL%\Ew, fıp=7{;xiy9ҳ{J`Ͱ ̴b֜ޔe4dӤiB7g ƩMI|B90-qڛZuVmCyTXhw! 3Ͱ&SqO=q rTfЬ||Yͻ\۪vS9/!+`WY 2edRU9:K d֖ O_ba!_J=LEz~#JutOOw)'SkFFJ V zh'ѫ>Ug HMu$[K7KRTM^ӛA|(~VurPohm_XaaxEY{B񕖒HD@CR׵5ò =0Pr"86*FGQnjPy,{8`k=0*lS#Sad$V+j86k\[`CaPeܡɃI栣>[e|xuZ6C2ȇKҳ8$Scelr LH `S pFa)e-6Ԕ&fl>wY[*^\W(˖X Lf*:UsyuؿXY۫ îtՒoxNvpw~!Sh2F,ñnHUW7Ik"2R ̆r(!QO9&_Gƅ Kd* 0eC:eDM6'QZ^-L.us ,\mrIT8ׇY/O#BUDdql9377SUX32L,y7/|]tF ,4ra,,CR5V23kcu$eM *I-b[W"Lc ֚ d6'do':#Xu~HLbhp B@E.br>+j*oʃ.sKQd%܌wр.r;\X"]?c &УAj:q~ᇆ9*#uϝGhho>]HjZXp6PQr^R*q_f9wܘwq)4M5@r`g}u190gO7LFk4x14 _t>ȵ`>t0jV7eE>yL vHf(|]J~>V6ʼnG փx ɵ|AQL~U V8w| K?!a⢉!M &Ii=댺wH@w+U ~JQA E]pdPm Q`9thf_kLk? %_=ژw +fv1eD!S2:еo%% gb(ƍ'&g"ńesViV)SJb/ $6b!uEvz}j~!Yd93is3k-_OSÚrum\YKq\5QϦhځJnՅuQlL1/rhwy:JPi1&(ځϚBsu~$4=1۠FvT4dWBg:=ܖ~AdrG*|z::vi 3p),5# kF ;3lLFfe -vf#Xi#5O+K&)? z47De.ksqD5v.ԈTjSnG(.lqJW HT(UTUeϲu͕չo8iJCg`sߊЇBỵV3#hVmZ\7Ѷ5i&"lО[e"7";pV~j7.;aS-Uez kbTꚗSH=Y<"ޞ8GOM5)$Jl"I?QjYKKIuvb*ŪRG }Ur=+ nb˨=b6A)™M`ᒐ sp:'S6Gz*GE"BG l 8@X_ǀzB:q]_>׎:KErP^SQW2bEhL |igM3s^f| Rt}KqV"T t~nF1QW` %aAOgG׌VtK:H␐ NANhs'$ >rZ n1~KP -Mu?oSoTpo":'Ehwl)~ڲO0;Ɔp@>֝Rq4B~~=m1겣ٚjHlx hEO39 uEVޞ-Hu=Yi ydXýK3B۝J$s=;͖G4.נօ?V#["|'1-& +BTZ|O*D'?vj+ 81 t<śD #rL唣\){~R9:Jl;3uoC1uc˿;^dG9ʼSya u +;NoݕW>0k{R̵j<>Sd®ީڔ{`3=}@ל΀(|s鐝fЦx/ &4n%9Oy!+p"~%a8l*Ph,vX\ !KaȚ(FY\uuoߐ;P +=Ƃ{ݫ#psA]Apʜ(=}!S'g99ն?pFx@;^:A_FCSmG4{S}/eJكx^iimǡ8- 0^l"4P$9E) *ۻʮZDVd.tՓzsx/7K!@7YM (ɦެye1>yQg~!. w0+xfP>:n#ˤ/+*vHrHq7TRY[t]"ĵ"v% s*a0,aV!{"F3Y="[YXydbP־:1G}Lxj Yj襶n,:;`!3Ȑʹkyaϰ=!ɄΙ 2rB%[euw+[S'gSc;/HF#%w:ȰlG@|Ր0\f> V*?7"gc+YT>9bȑ2^cwaȢ3QMa,zE:.a 1s#QS2f{;; #Yjvx{!ńcueՠ7Ёs9 k- ej>B92~t_tϨe͍=>[Rx?R]g@ >A1:9(ԎHd$ d_aM_Q1T9&L<+Dve̎h/*|TI%/}$+o oЀ A"FBĠ0䈢,CaxcSȧ ΗE|'l^ ]wt7R^AZ :n馋#Zu= _-LR=e$?.^d{:.AHxHzEC/E;!ܥNT^ږ/T*W"|:Rq]aHPվ 4|}TSk I?l Z]cΤ\ƕsIHaQ,UkyRHal%eIk 5툽6-)e3锂I-s8_:W50Qa*8"z]\;c-X5@` 8Ҁo~eLR gLOⶼZy)^}5RFm@j?BFtznxi1pS MLHD@B/Da N|&-v8)5_U_\;HoknKɅx9̋nHgMa'i3(,K|("ͯK턾.6w( GIXF| Oq/?.ބnR\=  ' ku @elHV])t)[X .a] [.;>Rea\\־}X݁t4_z1 fRΖT|ai.U J#[h&+O*g@[~mRT 2-p,4gqJMxg9@{'tQ D'~GA%Egx5A҈F(e:QW*vL}Cj")JSR_/c"[nU`Rǽ[`{ ,EН+s> T'~u«.9Mao6.尿~`u"fEb9Z V^ac, <З8" 0!|%\\2|?~,k(GXnuҩ:/MHS]O,sbu!NGғ-`i~~nc *zJ^& 9Y ʦ|#A jV#y\'b#Q3)/RL;$Ž$qa5·RT$n#F |i_Qal>1U =#!agHyhVS T |U!Y `! 1F0"i4P@k;]tmN,RL/j̯M_@ñ][I)/$WkoUΛ:s2 ^oIJ6HG)s6HD Bc"`&i/J'S_ڇd~uQ2Jcu KݯoN`v3zeP~fMϳfqUvt\]^ kb B_4Ȑ{ NK|?!_fٖ_DR| ƿ2nRXrO|knfK~72M }UP 6kx l4Î6/ʹdCa A[o]6oaa}XiնaYBrBzm,ЙuOW h;D!~!g9?B 灒9#$+N$ě[Hecd͟*Θhf37~H+5{/%rpB 2ӻF0ìef1A#p-}&?RWUx~&?qoa[0u\񲬱\ 'a`y+ l1D+bZGj  T~ ňjc37S5bt{>[|݃zOe #nS}`sm8:jy|#.|-7㪝Cm-?1ͨ8$ud -DRo=ю=9PAgt~:eqߡ俋_u(opoob}d?? ^> 3rcy!Fw{Kb+?7s$9Fñ2)YX.OR?:_PEGBx `|o"Ev9a}DYbiD5a{,h#8qٌʃi93XAݏ淹sl4b4Bu҄>FƘK`?RK.q]KRG*++xWTBZC'4esP5rH+xkH-7WI7|^6ߨ߇yVŠ+@&BkƳ,+39B;77#]0_q="o7/ݝ@ fnVtDkfCC5yOG) pG찘?12=\H@ ZM1bӰp-+|2q?NRu:@Y؋QfSnb?B1_V*ZSьG=KVj|P+)`;T<MX5AOb*rS xRſ}\!օ'c0/0/ bü:nZC$K&HK,txZډbHc?zGy_K>- {`gq-m5ܵ8:ȱk=r 4Q= |]);q?x.e%$[I{5M}h#[3:>h&nCtm-c@~Igc&ayZ~\`{saeYA˴ ͬ-+J5"V㜏c4K":;N[f TS5uj E=j_/HJ IT;W"Y(l՚~CU,`ІMֿD|͈VsZǺFSC)0h?A D%ϙ \TCЭB)ͪ;nP}sY?e=t` ' sF@<-{'-SWldf"@р>˟fBZ rվ]M=<: kZG&8$wT'.h݅]jS3Y9$l0W MûaK.ˊCǓ O#u}cGB(T 9#>P͝h|sxIݹJa?Ðs{V D "c+41GJ[#}ɹcMp4 ld fon#b!a^B75cfĈe!9e9#<ɇn皉1JK\-|@e=Dq;r9<7 tHot]\U*@J>S|6XP؟"?pk_EH0X|jn`̱X`ңtt>/;x̏vΆ&p{,9˦~lhF5?Y|ob:!Lei9bC´)T+mB籨PL<^yN4xTL .=鎖xT\ =<RX̘_wTe?7kyL|'+J9r>62UN+MoS@^}'ݫvԼV(ۺvHN Kɿpj+% ݔ|~rଝ @M>9]'|Ie|_'\C;)iK/E |횗)s _ /}/S{ L%%e ^^'U W CJ;/WJ%_^U\]_MO7EtAtS5u \C7?7){)^ }~ _O!-߇BmZ>m B)ݦ_ty[)rֺƅ)IJ~9,S ?EU/nvS:W/)W~y>{-sg+i,_a( - /Y+cn5:HAba c|:,y&#3Wyd#RbyeÿVG=1>wIxϕ]"&b˯-cENZ9.~QLɜ8O#Hj0U1=rDd'h{H8эOeqbnARL-mz#}n͌ (G.vX)n7epK|` K}uexv'-5lNA6KER>]xBfi3A ~4ýEibw/a4 5DFrt=K6@$ۛX,@u4 4HƞJP()U_TJݞOrDaӼC"N ߷#d%/krkX l?*PPB4|O۰W1]7Q!ǡG!,p<@.F݊5%~E Px 9j V(6of)2?hUH<g$mC(27;;st؋=,<z=-q?w8[]^ ̇9AwE˹'20] pg1!]tR; -\Ó/nҸ{d|EvP"Squ(!3 :30U)֒_gwWdlG%խ}Y)&] arV$,R4+9" oPmb/3yJ>? T|5[\6HDR }N0L'.7NA9D@0anw ˎG3F)f$N`SxC}E{Vopm$x};+Lt.;Oulם@ P2⁜2ћOt4gHPWnvWHg귾77YB:p8_@&s`ܐ}ohI-CGu zQڃxeVb05yM& p?dDy#b[pG\R8k̬UpvN&f , ~93QKo.9|e6٠^\:yq E{fuݍZBǗa҃6 1_X ( #LwM!ssZ{h݆GXxP;gzC%m;h.&42`lcp8 te0Q3LJ m!裍ȃz`..$AS}L5ʱ`,Hv"Vx8)ҾCCԘB>ecg쇖܌DŽ2C"4aqoq#dzPJw# w<;8ώ>[ .i2?;J sʧ9EjN+A!u}\ N3jc>&WO~:d`"ng_&O~]Tf/Og<,K2Lqg_ťFdx U5 Ex4$ysnj$.Qޜ#R2aQсʙ@ÝضMti?!7 ?’qT*h;vf+|g?йFX5ԅpP>JY9|TMLɨ?w ^{;1c{,a=?ECIb#wJ}OY$ z>oZ7 P `"Su_d5jpLϛ4\D)5?;*1"t,qIeS޹;Yxd9 ЛJ/i0_@x>mؼ٦A݄߯xg)s*!de.f|NVˆ6]ޟR&?酫a6|UIxPhe-)z,\~+:D́\j"Fm}uegtxIܲF._"yV4Hm }591jdy;O6*QO%#oF<MT§l{B x|k~]pտz]l\B0DZ,TɌjkZߐJwY.s|a[ggт :2~s4cQzr/Պ 1ClMˏk`6_d_/eh(|PrQmJϡLdѻ΂Zxggp` +nòE7?JQ9