The Washington Post reported today that President Bush has hit another all time (69%) low according to a recent poll [link].
Q. Do you approve or disapprove of the way George W. Bush is handling his job as president?
A. 28% approve; 69% disapprove
SOURCE: Washington Post-ABC News poll conducted by telephone July 10-13, 2008 among a random national sample of 1,119 adults. Results have a three point error margin.
With that said, we stumbled across an e-mail today with the subject line “Afghan Bombing kills President Bush.” Time after time we see social engineering used to entice unsuspecting users to infect themselves and the subject line of this e-mail is proof of that.
Here is what the e-mail looks like. The body doesn’t really make much sense but I’m sure many will just read the subject line and click on the link despite this fact.
When we visit the site we see a copy of the YouTube SWF player and a prompt to download a file called watch.exe to see it.
If we download watch.exe and open it we see it exploiting vulnerable versions of Java.
MD5: efbd6daf5a73fa6398538f1eec1f48a2
The file has been made available to members of Malware Database.
More information about what watch.exe can be obtained here [result.zip] thanks to Joe Security!
Upon further investigation we found a massive wave of these going out today.
Take a look at some of the other e-mail titles we have seen:
Edit: New e-mail subject as of today. “Conspiracy of 1865 Lincoln assassination exposed”
Update here: http://malwaredatabase.net/blog/index.php/2008/07/20/the-plot-thickens-watch-exe/
