Here is the mail that currently spreads:
The link provided does not work itlself.
But the real link does:
http://noticias. terra.woonet.co.kr/videos/paquistao/terrorismo/osama/05/05/2011/video-proibido-mostra-momento-da-execucao-de-obama-por-agentes-na-operacao.php?0.14094
PLease note the allusion to "Obama" et "execution", even if I'm not a linguist. There is probably a mistake, or a will to associate "Obama" and "execution" (that should be "Osama's execution"...).
IE9, working with SmartScren/Windows Defender does alert and blocks the download, that's good.
BTW, Clam In the Cloud and Panda Cloud do detect the sample as well.
Then, according to VT, 24 engines (reminder: command line versions) out of 41 do detect the malware:
http://www.virustotal.com/file-scan/report.html?id=e367ad6e9f26191e59dab7a9b681d05f40b23fee120ef1757def56c4a2b84f4b-1304723523
Murlo/Delf, well, nothing that new.
And to finish with, a sandbox:
http://www.threatexpert.com/report.aspx?md5=8bef97fcdd7a160b230749b824b9cb95
Just an oldfashion Rbot packed with Pklite32... and it mostly targets Brazilian websites/assets.
In a nutshell, do not open that email nor click on the link!
