Fill in the blank, depending on where you are. This new Waledac scheme attempts to play on fear, but the U.S. Homeland Security Advisory probably is not going to be rasied above orange because of it. This newest malware distribution campaign emails out shocking and phony reports of terrorism. A link within the message redirects a user’s browser to a phony Reuters video. The Waledac distributors also are continuing to use geoIP locators to identify the location of a user browsing their sites, and customizing their messages littered with poor english grammar. Here is text from one of the current web sites:
‘At least 12 people have been killed and more than 40 wounded in a bomb blast near market in _______. Authorities suggested that explosion was caused by “dirty” bomb. Police said the bomb was detonated from close by using electric cables. “It was awful” said the eyewitness about blast that he heard from his shop. “It made the floor shake. So many people were running ______.” Until now there has been no claim of responsibility.’
The screenshot below shows the well worn phony Flash player download prompt for unsuspecting users, stating that “You need the latest Flash player to view video content. Click here to download”:
Very few users so far are attemping to run the Trojan files (generally around 448kb in size) run.exe, save.exe or contact.exe being distributed from these sites, which is a good thing.
