Right after the U.S Independence Day fireworks, Storm Worm latest campaign launched a couple of hours ago, is back online this time attempting to once again exploit client-side vulnerabilities, this time serving iran_occupation.exe by spreading false rumors of U.S invasion in Iran. The text reads :
"Just now US Army's Delta Force and U.S. Air Force have invaded Iran. Approximately 20000 soldiers crossed the border into Iran and broke down the Iran's Army resistance. The video made by US soldier was received today morning. Click on the video to see first minutes of the beginning of the World War III. God save us."
Despite that you're highly advised to stay away from spam and phishing emails in general unless you know what you're doing, the latest Storm Worm domains used in the "Iran invasion campaign" should get a priority for the time being :
statenewsworld . com morenewsonline . com dailydotnews . com dotdailynews . com newsworldnow . com