Bin-Laden, Done That
Date Added: Feb. 6, 2006
As a general rule, virus warning e-mails are relatively light on details and heavy on threats and doomsaying and most often warn of things that aren't real. This one is a nice departure from that formula, in that it does describe a real computer security threat. It is also a excellent example of one of the primary pitfalls of relying on e-mailed warnings for computer security.
THIS was CONFIRMED BY GOING TO SNOPES.COM
Emails with pictures of Osama Bin-Laden hanged are being sent and the moment that you open these emails your computer will crash and you will not be able to fix it!
This e-mail is being distributed through countries around the globe, but mainly in the US and Israel.
Don't be inconsiderate; send this warning to whomever you know.
If you get an email along the lines of "Osama bin Laden Captured" or "Osama Hanged" don't open the attachment.
Confirmed at: http://www.snopes.com/computer/virus/osamahanged.asp
Origins: There are few headlines that would grab the attention of more computer users around the world than "Osama bin Laden Captured," and that's exactly what whoever created this lure was counting on to snare unsuspecting victims who use Microsoft platforms.
"Osama bin Laden Captured" isn't a virus in itself; it's the text of a message that includes a link to a file called EXPLOIT.EXE. When a message recipient clicks on this link to view what he thinks are pictures of Osama bin Laden's capture, he can end up downloading an executable Trojan known as Backdoor-AZU, BKDR_LARSLP.A, Download.Trojan, TrojanProxy.Win32.Small.b,or Win32.Slarp. Clicking the embedded link in the "Osama bin Laden Captured" message auto-executes a file called "EXPLOIT.EXE," which exploits a known security hole to download the Trojan. According to McAfee Security:
The Trojan opens a random port on the victim's machine. It sends the Port information to a webpage at IP address 126.96.36.199. The Trojan listens on the open port for instructions and redirects traffic to other IP addresses. Spammers and hackers can take advantage of compromised systems by using the infected computer as a middleman, allowing them to pass information through it and remain anonymous
In 2001, a computer worm spread far and wide, mostly because the malicious code was hidden in a file attachment named "Naked Wife." Making the infected file look appealing to the victim, thus increasing their likelihood of opening it, is a practice commonly known as "social engineering" and is a very effective way to get even the most skeptical among us to drop our guards for a glimpse of something extraordinary or sensational.
The security flaw described above, and the trojan designed to exploit it, are real, but old news. Earliest versions of this exploit date back to at least 2002. Here's one example of what the text of an infected message may look like:
Hey, Just got this from CNN, Osama Bin Laden has been captured! A video and some pictures have been released. Go to the link below for pictures, I will update the page with the video as soon as I can.
It is true that Snopes.com, a well-respected and comprehensive site that, like BreakTheChain.org, investigates e-mail rumors, has an article on the "Osama virus," Part of the message above is copied and pasted from that site. Unfortunately, when someone copies information in this fashion, it often becomes outdated. The site information changes, but the e-mail doesn't. Snopes has updated their site since this e-mail was launched, and they now downplay the risk:
Both trojans were easily detected and removed with updated virus protection software, and neither Osama message is circulating widely or poses much of a threat to PC users any more.
Using the Internet without anti-virus protection is asking for trouble. Virus scanners are inexpensive, easy to install and keep updated and are absolutely essential for going online. Besides, with protection, you can safely ignore warnings like the above. Read my article "Protecting Your PC" for for more information on preventing unwanted intrusions on your data. Break this Chain.
References: Snopes.com, TruthOrFiction.com, About.com