[Dshield] He has been captured - Possible Virus Email

Ed Truitt ed.truitt at etee2k.net
Fri Jun 3 02:35:37 GMT 2005

Karen Gispanski wrote:

>Has anyone received emails claiming Osama Bin Laden has been captured?  Some subject lines read He has been captured and others read Glod Bless America!
>It has a attachment pictures.zip.  
Yeah -- this one has been around for awhile.  According to "Urban 
Legends Reference" (http://www.snopes.com/computer/virus/osama.asp), it 
will install a trojan on your machine if you open it, utilizing an IE 
vulnerability.  The   Symantec calls it "Download.Trojan", McAfee calls 
it "backdoor-azu".  One of my machines was hit with this one -- it is 
nasty, installing all types of p0rn dialers, and other assorted 


Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."  

More information about the list mailing list