Given the great attention that WikiLeaks’ releases of diplomatic cables are garnering around the world, it was only a matter of time before malware pushers misused users’ curiosity about the matter to gain access to their computers.
An e-mail with “IRAN Nuclear BOMB!” in the subject line has been detected by Symantec, with a spoofed header to make it look like it came from WikiLeaks.org, saying “OBAMA is and IMPOSTOR!” and offering a URL.
By clicking on it, the victim is taken to a site where a Wikileaks.jar file attempts to download a worm onto the victim’s computer.
The worm in question opens a backdoor into the system by using a predetermined port and IP address, and allows the attacker to do all kinds of mischief: stealing, spying, routing traffic through the computer. It can also spread further by copying itself to removable drives and the shared folders of file-sharing programs.
In other words – be careful when on the lookout for information on WikiLeaks. Or, for that matter, for information on any topic that is very popular at that moment. Don’t click on links in unsolicited e-mails, and opt for well-established news sites to get the latest news about the matter.