Email with subject: "Israel Just Have Started World War III"
Late last night I found a strange email in my email Inbox; from a person I didn't know. It even had an attachment called: "News.exe". I could even save it to my hard drive without any antivirus program jumping up. Decided to submit it to McAfee's Avert Labs and a few minutes later I received the following results:
(Click the Image for a larger view)
It shows you that DAT version 5004 didn't detect this "Nuwar" virus, but they already had an "Extra.dat" available, which detect this virus. Hopefully this "Extra.dat" is included in today's DAT update.
Then I also submitted the "News.exe" file to VirusTotal to see if any of the other antivirus vendors would find the virus. See this screen shot for their results:
(Click the image for a larger view)
Even though many of the antivirus vendors found the virus some of the bigger comapnies, like Sophos, Microsoft, McAfee and Panda didn't find the virus.
If you get an email from an unknown person with a subject like:
-
Missle Strike: The USA kills more then 1000 Iranian citizens
-
Missle Strike: The USA kills more then 10000 Iranian citizens
-
Missle Strike: The USA kills more then 20000 Iranian citizens
-
USA Missle Strike: Iran War just have started
-
Israel Just Have Started World War III
-
USA Just Have Started World War III
-
Iran Just Have Started World War III
-
USA Declares War on Iran
and it has an attachment like:
-
More.exe
-
Read More.exe
-
Click Here.exe
-
Click Me.exe
-
Read Me.exe
-
Movie.exe
-
News.exe
-
Video.exe
then delete the email immediately and make sure you have an up-to-date antivirus signature files.
And since this is "patch tuesday" also make sure your version of Windows is patched and has all the updates. If you don't have the automatic updates enabled then check it at Microsoft Update.
For more information about this virus see McAfee's writeup: W32/Nuwar.