Malware scenario: Third World War has begun

Sophos is warning of an attempt by hackers to infect computers using the camouflage of a news report claiming that the USA has invaded Iran. Widely spammed out emails with subject lines including “Third World War has begun”, “20000 US Soldiers in Iran”, and “US Army crossed Iran’s borders” have been intercepted by Sophos. 

The emails contain links to a malicious webpage that displays what appears to be a video player showing the mushroom cloud of a nuclear explosion with the following text beneath:

Just now US Army’s Delta Force and US Air Force have invaded Iran.  Approximately 20000 soldiers crossed the border into Iran and broke down the Iran’s Army resistance. The video made by US soldier was made today morning. Click on the video to see the first minutes of the beginning of World War III. God save us.

However, Sophos experts warn that users visiting the webpage and clicking on the ‘video player’ run the risk of being infected by a Trojan horse, designed to compromise their computer.  Sophos detects the malware hiding behind the fake video as Troj/Tibs-UO and a malicious JavaScript hidden on the website as Mal/ObfJS-AY.

Sophos experts note that this is not the first time that news about rising tensions between Iran and the West has been exploited by hackers.  In 2005, a widespread spam campaign pretended to be a link to news about the controversial decision by Iran to continue work at a nuclear plant, but was really an attempt to infect users with a Trojan horse.  The year before, the Cycle worm dropped a message complaining that European governments were supporting the regime in Tehran, because of the war in neighbouring Iraq.