It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


Storm worm e-mail says U.S. attacked Iran

page: 1

log in


posted on Jul, 9 2008 @ 07:02 PM

Storm worm e-mail says U.S. attacked Iran

Recent e-mails stating that the U.S. has already attacked Iran and, in some cases, also offering links to a video purportedly from a soldier, are not to be believed, according to Websense. The security vendor said in an advisory Wednesday that it has linked the provocative e-mails to the Storm worm.

Storm got its name because it first took advantage of a huge winter storm in Northern Europe in early 2007. Since then, it has used a variety of social engineering tricks, including the use of political themes, to get unsuspecting users to open its malicious payload.

This time Storm is offering form.exe and iran_occupation.exe as executable payloads.

(visit the link for the full news article)

posted on Jul, 9 2008 @ 07:02 PM

Malicious content?


Something aimed at getting to certain web users and bloggers?

Has anyone here got this e-mail yet?

If so I'd like to know what happened, or more importantly what it contained exactly.

If you did get it, I would not advise opening any attachments.
(visit the link for the full news article)

posted on Jul, 9 2008 @ 07:13 PM
It seems like everytime someone mentions "IRAN" oil prices go up. I think they're trying to keep the ball in the air.

posted on Jul, 9 2008 @ 07:29 PM
reply to post by JediK

Could simply be someone or a group exploiting the recent interest and paranoia related to any news from Iran.

Who knows?

You can't trust anyone or anything these days, especially anything in your email inbox.

If we were attacking Iran I don't believe the first news will come from emails...

Or would it?

posted on Jul, 9 2008 @ 07:54 PM
I received this email;

"USA occupeid Iran" - Topic

"Third World War has begun

Download this as a file"

No attachments and I did'nt click the link

I've edited the http out, best not try that link.

[edit on 9-7-2008 by Gutman]

[edit on 9-7-2008 by Gutman]

[edit on 9-7-2008 by Gutman]

posted on Jul, 9 2008 @ 07:56 PM
Thanks for the reply is that link you posted to the site that may contain the worm?

If so maybe you should remove it?

I would not advise clicking that link until more is known.

posted on Jul, 9 2008 @ 08:00 PM
I've removed the site url in case it is the one with the worm.

I feel sure there would have been something on the news, unless the spammers have insider information, not.

posted on Jul, 9 2008 @ 08:15 PM
reply to post by Gutman

Thank you!

If nothing else perhaps anyone who reads this thread can consider themselves warned!

I can see how some people would be compelled to click the link and attempt to download the purported soldier video showing an alleged US attack on Iran.

Why do people do malicious things like this?

posted on Jul, 9 2008 @ 08:22 PM
Oh just wait for the excuse, this outta be interesting. Oil will surely go up because of this.

If the U.S, says that the U.S is attacking Iran, (if it goes onto the mainstream media.) I can see a big retaliation from terrorists that are well already here in the states. The U.S government knows all about this already, and won't do anything about it, because this moves forward to their NWO agenda that they want to achieve. Am I right or am I right?

[edit on 9-7-2008 by Shrukin89]

posted on Jul, 9 2008 @ 08:25 PM
reply to post by The_Alarmist2012

i wouldnt say its malice.

maybe some idiot just trying to pull some legs and get a rise for him or herself.

but no i havent gotten this email..

posted on Jul, 9 2008 @ 08:27 PM
Bot masters are pretty smart, always using variations of current events to get people to click the links so they can turn your pc into a bot. (Its called Social Engineering)

Dancho (who the article quotes) has an awesome record at tracking these guys. I read his blog regularly, and I've been fortunate enough to coorespond with him in the past.

The link in the email takes you to a malicious website. The video link at the website activates the storm worm (its actually a bot) payload, as does clicking the website ad banner. The website also has a hidden malicious iframe containing 9 well documented exploits.

The video at the website(s) execute "iran_occupation.exe" or if you click the webpage banner ad, "form.exe" executes the payload.

Play it at your own risk.

Sophos and CERT both have long lists of the various email subject lines and email body text.

Example Email Subject lines in use:

20000 US soldiers in Iran
Iran USA conflict developed into war
More than 10000 Iranians were murdered
Negotiations between USA and Iran ended in War
Occupation of Iran
Plans for Iran attack began
The Iran’s Leader Mahmoud Ahmadinejad declared Jihad to USA
The World War III has already begun
The begining of The World War III
The military operation in Iran has begun
The secret war against Iran
Third War in Iran
Third World War has begun
US Army crossed Iran’s borders
US Army invaded Iran
US army is about 20 kilometers from Tegeran
US soldiers occupied Iran
USA attacked Iran
USA declares war on Iran
USA occupeid Iran
USA unleashed war on Iran
War between USA&Iran
War with Iran is the reality now
Washington prefers to shoot first

As of yesterday only 3 of the major anti-virus vendors flagged the new exe file as malicious.

If your worried that you may have clicked the link for the video, just check your %WINDIR% directory for the following two files: msserv.exe or msserv.config. If you have them you are infected.

[edit on 7/9/08 by makeitso]

posted on Jul, 9 2008 @ 09:10 PM
reply to post by makeitso

Excellent and informative post.

Be careful clicking links!

If we attack Iran, wait for the news to come from Fox News.... Then you will know without a doubt that it is true.

[edit on 9-7-2008 by The_Alarmist2012]

posted on Jul, 9 2008 @ 11:53 PM
reply to post by makeitso

Thanks for the link to Dancho. Interesting.

new topics

top topics


log in