After fake sites, fake Antivirus, fake blogs, and fake forums, spammers plough on with fake news.
Threat analyst Juan Pablo Castro reports of spam announcing the declaration of World War III.

Figure 1. Sample spam that warns of World War 3

Figure 2. Another sample spam that warns of World War 3
The link provided points to a legitimate-looking CNN page with a video. However, users wishing to view this video are prompted to install an ActiveX Object:

Figure 3. Missing ActiveX object is actually a spyware
Note that CNN’s real URL is http://www.cnn.com.
The supposed ActiveX Object is actually malware, which Trend Micro detects as TSPY_BANCOS.JN. TSPY_BANCOS.JN, like all BANCOS variants, is an info stealer that monitors the browser of the affected system. It waits for the user to access certain banking-related Web sites, then spoofs the login pages of the bank Web site to steal sensitive account information.
The request to install an ActiveX Object is a popular ploy to spread malware these days, and this bogus ActiveX Object is yet another one designed to deceive the user to believe that he’s installing something useful.
Then again, use of sensational headlines is nothing new, and spammers are constantly churning their creative juices to invent the most inviting email subjects. Though Trend Micro products already block the malicious URL, the spam and the related malware through Smart Protection Network, users are advised to do the following for the next spam that finds it way to their inboxes:
Never reply. Never click. Never believe.



October 4th, 2008 at 3:26 pm
[...] http://blog.trendmicro.com/world-war-iii-malware-spam/ [...]
October 8th, 2008 at 4:03 am
[...] Misschien heb je ‘m onlangs wel gekregen: de mail waarin je kon lezen dat Wereldoorlog III begonnen was met de Russen die Tiblisi plat legden met een atoombom. De link voert je naar een website die veel op CNN lijkt, maar het niet is. Je kon er een filmpje bekijken van Bush, die aankondigde dat Rusland atoomwapens had gebruikt. Wie het filmpje wilde zien, moest echter een ActiveX downlaoden. In feite ging het om een virus… [...]