14 DAY TRIAL // After the recent 4th of July campaign, Storm related spam is once again making the news. The latest Storm spam messages inform you that the US military has invaded Iran and you are of course invited to click on a link and watch video footage directly from the battle scene, but if you do, you will be infected with iran_occupation.exe. You are advised to proceed with caution and if you do receive such a message it is best to simply delete it.
According to Danco Danchev, the spam seems to be originating from these domains: statenewsworld.com, morenewsonline.com, dailydotnews.com, newsworldnow.com. The names suggest that the news comes from a legitimate site that is just trying to report current affairs. Things are definitely not what they seem, and on closer inspection it has been determined that all the above mentioned domains are registered to a single user, "ONLINE CO REANIMATOR". The email address provided by this person is [email protected]
What about the text content of the spam message? Well, for the security inclined users who will not open the message but are still curious to know what it says, here it is: "Just now US Army's Delta Force and U.S. Air Force have invaded Iran. Approximately 20000 soldiers crossed the border into Iran and broke down the Iran's Army resistance. The video made by US soldier was received today morning. Click on the video to see first minutes of the beginning of the World War III. God save us."
If you are really that interested in current events, why not try a news portal or a trusted news site? Even watching the news on TV is safer than heading to the words of spam messages. Storm does not report factual events; the spammers simply make up news in an effort to get you to click that link and become infected.