"Osama Bin Laden Captured" [VIRUS ALERT] Spam Message That Downloads a Trojan

http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/04-22-2004/0002157853&EDATE= ^ | 4-22-04 | PANDA

[OXENinFLA]

Panda Software Reports a Spam Message That Downloads a Trojan

The message is sent with the subject field: Osama Bin Laden Captured

GLENDALE, Calif., April 22 /PRNewswire/ -- Panda Software's PandaLabs has detected a spam message currently being sent to users which tries to get recipients to visit an advertising page and which also downloads a Trojan to users computers.

The characteristics of the message are:

From: the name of the sender is variable, although it tries to make recipients think it has been sent by the BBC or CNN.

Subject: "Osama Bin Laden Captured",

Message text: "Hey, Just got this from CNN, Osama Bin Laden has been captured! Goto the link below to view the pics and to download the video if you so wish: (Internet address) "Murderous coward he is". God bless America!".

The address indicated in the message takes users to what appears to be an advertising page. However, the page contains code that exploits a vulnerability (detected by Panda antivirus as Exploit/MIE.CHM). The code also downloads and runs a file (detected as VBS/Psyme.C). Finally, a file called EXPLOIT.EXE, which contains the Trojan Trj/Small.B is downloaded from Internet onto users' machines.

[OXENinFLA]

BE CAREFULL I JUST FOUND THIS !!

[Monty22]

ouch, NASTY!

[OXENinFLA]

VIRIUS ALERT!!

---

[Semper Paratus]

I was wondering todays "OBl Captured" rumor came from.

[Waryone]

This came to me today. I hadn't seen any news about Osama here at Freerepublic so I thought it had to be a virus and I deleted it. Usually the layers of anti-virus protection I have deletes these things before I get them.

Who would have thought that FR would be my last line of defense!

Thank you, FreeRepublic!

[OXENinFLA]

Funny this is I have Panda and I found this only after looking for stories about UBL being captured. Go figure.

[Not A Snowbird]

Thanks for the warning!

[holymoly]

detected by Panda antivirus as Exploit/MIE.CHM

So, it only affects Microsoft Internet Explorer. If you would rather spend more time enjoying the net than worrying about MSIE, there are alternatives:

Netscape  (It's built-in pop-up blocker is 99.99% effective.)

Opera

Security through obscurity.

[Redbob]

Already been through my company; keep a record of who you got it from - it can be useful to know who the real dummies are..

[wimpycat]

Goto the link below to view the pics and to download the video if you so wish:

"...if you so wish"? This virus wasn't written by a native English speaker.

I hope nobody's dumb enough to fall for this. After all, when Osama (or his mangled corpse) is captured, we'll hear about it first on...FR!

[fuzzthatwuz]

Thanks for the heads-up!

[Threepwood]

I got one last night that advised me to send my ATM pin and account number to a website that was only a string of numbers and a .nu domain.

Naturally, I complied immediately!

[Just another Joe]

Or Mozilla

[freekitty]

The first clue is "goto Cnn".

[cgk]

ping...