TrendLabs has received reports of a new worm spreading in the wild that targets Arabic- and Persian-speaking regions. Detected as WORM_WALLA.B, this worm spreads copies of itself as an attachment to email messages whose subject lines and message bodies mostly relate to current events in those regions (About Iran, Pictures from Gazza, About the Israeli Intelligence, and All the Truth about the American intelligence, among others), in line with the sensational social engineering scheme that has recently become prevalent.

When executed, this worm first retrieves the target system’s keyboard layout settings, presumably to determine whether the language used is Arabic or Persian, which indicates a focused attack on regions using these languages. If the affected system does not use either language, the worm terminates itself.

Like many worms, WORM_WALLA.B gathers target email addresses from Microsoft Outlook. However, using HTTP functions, it also gathers email addresses from Yahoo! Mail or Yahoo! Mail Beta. Hence, this worm is another of the growing new generation of threats referred to as Web threats, so called because they exploit the power of the Internet to wreak havoc.

Users, especially those in affected regions, are advised to be wary of these email messages and not to open email attachments from unknown sources.
WALLA! A New Worm In the wild