Just got an e-mail with a subject line of "Captured! Finally!" It's an old trick about Osama Bin Laden being captured, but NOD32 is picking it up as an AH detection, so maybe a bit of new code. Heads-up.
Wasn't a virus distributed in nearly exactly the same manner a little while ago? Maybe the authors are running out of ideas.
Well, until "he" really is captured (and it could refer to ANYONE) - it's not a "bad" catch-line to entice recipients into opening an email...
What version are you using that this was caught? Received this same email. I was able to identify it wasn't something I wanted to run, but NOD32 scanned it as safe. I even saved the attachment to the local drive and ran a manual scan and confirmed that the file inside the .zip file was scanned. Still said it was safe (didn't find a threat). I'm at (was using 20050601 Virus signature):

--------------------
NOD32 antivirus system information
Virus signature database version: 1.1125 (20050603)
Dated: Friday, June 03, 2005
Virus signature database build: 5701

Information on other scanner support parts
Advanced heuristics module version: 1.015 (20050602)
Advanced heuristics module build: 1083
Internet filter version: 1.002 (2004070
Internet filter build: 1013
Archive support module version: 1.030 (20050419)
Archive support module build version: 1117

Information about installed components
NOD32 For Windows NT/2000/XP/2003 - Base Version: 2.50.16
NOD32 For Windows NT/2000/XP/2003 - Internet support Version: 2.50.16
NOD32 for Windows NT/2000/XP/2003 - Standard component Version: 2.50.16

Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 1024 MB
Processor: Intel(R) Pentium(R) M processor 2.00GHz (598 MHz)
--------------------

# m a r t y
And here's a report on this very trojan--which apparently didn't fool as many people as the idjits thought it would: Report
Top Internet News Headlines

Virus claiming Bin Laden arrest fools few on Web

7 hr 33 min ago

SAN FRANCISCO (Reuters) - A new computer virus in e-mails claiming that Osama Bin Laden has been arrested has failed to lure many users to open dangerous attachments, despite its high-profile headline, security software makers said on Friday.

The virus began circulating in the past day and is one of several Bin Laden-type viruses that have been distributed on the Internet since May 2004. The current virus has a subject line claiming Bin Laden has been arrested.

The U.S. government has been hunting Bin Laden since 2001, and holds him responsible for the Sept. 11, 2001, attacks on the United States. He has not yet been found.

To become infected, a user has to click onto an attachment inside the e-mail to activate malicious code which allows a computer hacker to later use the infected computer to send spam and other nuisances on the Web.

Oliver Friedrichs, a senior manager at the security response team at Symantec Corp., the world's biggest maker of security software, said only 10 of several thousand customers had alerted the company on Friday about the virus. Symantec rates the virus a "2" on a scale of "5," which is the most threatening.

McAfee Inc., the second-biggest security software maker, said it had seen few infections caused by the e-mail virus.