
Email worm circulating with deliberately provocative subject headings [Archive] - MousePad

hbquikcomjamesl
04-09-2007, 10:24 AM
Within the past few days, an email worm has been circulating under any of the following subject headings,

* USA Declares War on Iran
* USA Missle Strike: Iran War just have started
* Missle Strike: The USA kills more then 20000 Iranian citizens
* Missle Strike: The USA kills more then 1000 Iranian citizens
* Missle Strike: The USA kills more then 10000 Iranian citizens
* Israel Just Have Started World War III
* USA Just Have Started World War III
* Iran Just Have Started World War III

which are more than a little bit provocative to anybody, and 6 of the 8 are especially provocative to anybody of Iranian ancestry, or who has friends or colleagues of Iranian ancestry.

The payload is a WinDoze executable.

Details, courtesy of Symantec, can be found at:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-040904-0940-99&tabid=2

hbquikcomjamesl
04-09-2007, 10:50 AM
Note to Moderators: I deliberately put this in the Lounge, knowing full well that it might be moved, because of the unusually provocative worm subject headings, and because those gullible enough (or unprotected enough) to fall prey to a worm of this sort probably don't frequent the Tech Room, and knowing that moving it to the Tech Room would leave behind a "Moved" link that would hopefully direct the less-technically-inclined to the thread (hopefully before their computer became infected).

GusMan
04-10-2007, 11:29 AM
> The payload is a WinDoze executable.

So, basically, the deal is in layman's terms.... don't download or execute anything you are not expecting from someone, even if it is someone you know. If it seems like it came from a friend, don't open it until you've verified what it is first.

Of course... you could tell your friends to stop forwarding junk in the first place which would then really throw up a flag if you see something like this.

And, of course, don't open anything from anyone you do not know. Period. Just delete.

Follow these simple suggestions and it will cut down on spam, virus, and worm related issues quite a bit.

hbquikcomjamesl
04-10-2007, 03:35 PM
Yes.

My whole point in reporting this one (which seems to have petered out since the weekend, at least as far as my email is concerned) is that if the subject heading was provocative enough for me to open it (albeit in a web-mail interface running on a Linux server, accessed from Mozilla, itself running on a Linux box), just to see what it was, then it's certainly provocative enough to get opened by some poor sod who's foolish enough to be running an unprotected version of MicroSloth DontLook on an unprotected WinDoze box.

My ISP recently had a problem with the web-mail interface, that wiped out not only all the messages I still had on the server, but all my server-side spam filter rules. In starting from scratch on the spam filter rules, I was able to come up with a much shorter, much simpler rule set, that had the added benefit of adding a line (or lines) to the header, giving the name of whatever rule(s) processed the message. Should save me a bit of digging, if I see any false-positives.
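
Added example, not part of the thread and not any poster's or ISP's actual rule set: a mail filter sketch in Python that matches the subject headings listed in the first post, checks attachments for the Windows executable magic bytes, and records the name of each rule that fired in a header, as the last post describes. The header name `X-Filter-Rule`, the rule names, the helper `build_sample` and the assumption that the executable arrives as an attachment are all hypothetical.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns generalizing the eight subject headings quoted in the thread
# (the worm's own misspellings, e.g. "Missle", are kept on purpose).
SUBJECT_RULES = {
    "war-declared": re.compile(r"^USA Declares War on Iran$", re.I),
    "missle-strike": re.compile(r"^(USA )?Missle Strike: ", re.I),
    "ww3": re.compile(r"^(Israel|USA|Iran) Just Have Started World War III$", re.I),
}
HEADER = "X-Filter-Rule"  # hypothetical header name, not from the thread


def has_windows_executable(msg):
    """True if any attachment's decoded bytes start with the DOS/PE magic 'MZ'."""
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            return True
    return False


def tag_message(raw):
    """Parse raw message bytes; add one HEADER line per rule that matched."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split())  # collapse folding
    hits = [name for name, rx in SUBJECT_RULES.items() if rx.search(subject)]
    if has_windows_executable(msg):
        hits.append("exe-attachment")
    for name in hits:
        msg[HEADER] = name  # header names the rule, easing false-positive review
    return msg, hits


def build_sample(subject, attachment=None):
    """Constructed test message (not a captured sample of the worm)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content("see attached")
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="news.bin")
    return m.as_bytes()
```

The attachment check looks at content rather than the file name, so a renamed executable is still tagged.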

