Sick virus writer exploits London bomb blast

Trojan creates bot-net for sending spam...

By Will Sturgeon, 9 July 2005 21:37

A virus has been spotted in the wild which attempts to exploit concerns surrounding the bomb blasts which rocked London last Thursday and left at least 50 people dead. Warning levels are currently low but that makes the attempt to infect no less tasteless.

An email purporting to offer a link to amateur video footage of the events on the London Underground in the aftermath of the bomb blast will install a Trojan on users' machines if they click on the attachment.

It's the latest instance of sickening social engineering as virus writers prey upon topical and occasionally disturbing incidents to make their attachments appeal to curious minds.

The Asian tsunami, the war in Iraq and also the 9/11 attacks on New York saw similar social engineering attempts.

According to UK email security firm MessageLabs, the email appears as a mocked-up HTML newsletter from CNN with the subject line 'TERROR HITS LONDON'.

The sender's email address appears as breakingnews@CNNonline.com. Although that address could easily have been spoofed, the domain is not an official CNN domain and is registered to a firm in Florida.

The email asks recipients to 'See attachments for unique amateur video shots'.

The file name, 'London Terror Moovie.avi', appears to be a valid film clip, bar the typo in 'movie'. However, after 124 character spaces comes the real .exe file name, though even this has been disguised as 'Checked By Norton Antivirus.exe'.

When executed, the attachment copies itself to %Windir%\winlog.exe and modifies the Windows registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run so that it runs automatically on start-up, according to MessageLabs.

The Trojan then uses the compromised PC, and the SMTP servers it is configured to use, to send out large volumes of spam email.
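A mail-gateway-style check for the file-name disguise MessageLabs describes, added here as an example that is not part of the original article or of MessageLabs' own tooling: it flags attachment names whose real extension is executable and hidden behind a long run of whitespace. The extension list, the 10-character threshold and the function names are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import re
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Extensions Windows runs directly; assumed, non-exhaustive list.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
PAD_THRESHOLD = 10  # assumed: whitespace runs this long count as padding

def inspect_filename(name):
    """Return the reasons an attachment name looks disguised ([] if none)."""
    name = name.strip()
    real_ext = "." + name.rsplit(".", 1)[1].lower() if "." in name else ""
    if real_ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["real extension is " + real_ext]
    pad = re.search(r"\s{%d,}" % PAD_THRESHOLD, name)
    if pad:
        reasons.append("%d whitespace characters of padding" % len(pad.group()))
        # What a narrow file-name column would show before the padding.
        decoy = re.search(r"\.[A-Za-z0-9]{2,4}$", name[:pad.start()])
        if decoy and decoy.group().lower() not in EXECUTABLE_EXTS:
            reasons.append("decoy extension " + decoy.group().lower())
    return reasons

def scan_message(msg):
    """Map each suspicious attachment name in a parsed message to its reasons."""
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        reasons = inspect_filename(name) if name else []
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed message: harmless bytes, file name laid out as described."""
    msg = MIMEMultipart()
    msg["Subject"] = "TERROR HITS LONDON"
    name = "London Terror Moovie.avi" + " " * 124 + "Checked By Norton Antivirus.exe"
    for fname in (name, "holiday.avi"):
        part = MIMEApplication(b"placeholder")
        part.add_header("Content-Disposition", "attachment", filename=fname)
        msg.attach(part)
    return msg

if __name__ == "__main__":
    for fname, why in scan_message(build_sample()).items():
        print(repr(fname[:30]), "->", "; ".join(why))
```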

Comments

There are 4 comments.

  1. Bob Davies

    How about, Sick Email Readers Get What They Deserve.
    Have some damned respect. Anyone clicking to view those videos deserves a virus.

  2. John Walker

    Bob - you're an idiot. Why is clicking on a link from CNN (as they believe) any worse than people sitting in front of BBC news programmes?

    Have you fired off an angry email to the BBC? Of course not, because you're an idiot.

    This is a major story and there are people out there for whatever reason who want to see exactly what happened. There may even be victims' families who would be trying to understand quite what went on and exactly what circumstances their loved ones found themselves in. You are a small-minded little man.

  3. Noxy

    E-mails have already been sent by Advanced Fee Fraudsters taking advantage of the London attacks. One claims to be a doctor who is carrying out the last wishes of an attack victim to distribute millions of dollars to charity. This e-mail was received on Thursday evening, less than 12 hours after the bombings.

  4. Reed Eldridge

    What is the name of this Trojan Horse?
