Spam delivers fake news of bomb blast as lure to malicious code
Criminals are trying to trick users into downloading malware by luring them to a Web site that reports a hoax 'breaking news'
story of a bomb explosion cleverly tailored to their location.
Picked up in different forms by the spam traps of several security vendors, the attack works out the approximate
location of the viewer from the visitor's IP address and serves one of a range of localized versions of an almost identical
story.
According to Sophos and Websense, an e-mail claiming that 18 people have been killed in an explosion carries the subject line "Why did it happen in
your city?" or "Take Care!". A link leads to what appears to be a Reuters news story on the bomb, complete with a video, which
turns out to need a special codec. Downloading this starts an infection with Waledac (identified as WaledPak-E by Sophos).
"At least 12 people have been killed and more than 40 wounded in a bomb blast near market in Amsterdam. Authorities suggested
that the explosion was caused by a 'dirty' bomb. Police said the bomb was detonated from close by using electric cables. 'It
was awful' said the eyewitness about blast that he heard from his shop. 'It made the floor shake. So many people were running,'"
runs the fictitious story.
Using a location lookup, the Web site can name any one of a range of major cities close to the victim, including
London, Amsterdam, Vancouver and Sydney, which might give the site a degree of plausibility for some people. There also appear
to be several versions of the basic story, one of which claims the attack used a 'dirty bomb', and others which make no mention
of such a scenario.
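The lure described above has two observable stages: an e-mail with a known subject line and a link to a supposed Reuters story, and a landing page that asks the visitor to install a "codec" before the video will play. The following is an added example written for this article, not code from Sophos, Websense or the article's author, showing how a mail gateway or analyst script could flag both stages. The sample messages and landing page are constructed for the example, the host allow-list and function names are illustrative assumptions, and the heuristics are only those the article's own description supports.

```python
"""Heuristic detection for the geolocated 'bomb blast' spam lure.

Added example (not from the article or the vendors it cites). Sample
messages, the landing-page HTML, the hostnames and the allow-list are
all constructed for illustration.
"""
import email
import re
from email import policy
from typing import Dict, List
from urllib.parse import urlparse

# Subject lines the article reports for this campaign.
LURE_SUBJECTS = ("why did it happen in your city?", "take care!")
# Hosts a genuine Reuters story would be served from (assumed allow-list).
LEGIT_NEWS_HOSTS = ("reuters.com",)
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)
EXEC_EXT = (".exe", ".scr", ".com", ".pif")


def _host_matches(host: str, allowed: str) -> bool:
    """Match the domain itself or a real subdomain only, so a look-alike
    such as 'www.reuters.com.attacker.invalid' does not pass."""
    return host == allowed or host.endswith("." + allowed)


def extract_urls(text: str) -> List[str]:
    """Pull http(s) URLs out of free text, trimming trailing punctuation."""
    return [u.rstrip(".,;)") for u in URL_RE.findall(text)]


def score_message(raw: str) -> Dict[str, object]:
    """Flag an RFC 822 message that matches the lure's e-mail stage."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    urls = extract_urls(body)
    reasons: List[str] = []

    if any(s in subject for s in LURE_SUBJECTS):
        reasons.append("known lure subject line")

    # The mail claims to link to Reuters; check where the links really go.
    if re.search(r"\breuters\b", body, re.IGNORECASE) and urls:
        hosts = [(urlparse(u).hostname or "").lower() for u in urls]
        if not all(any(_host_matches(h, a) for a in LEGIT_NEWS_HOSTS) for h in hosts):
            reasons.append("claims Reuters but links to another host")

    # Breaking-news disaster story plus a video link is the lure's shape.
    if (re.search(r"\b(bomb|explosion|blast)\b", body, re.IGNORECASE)
            and re.search(r"\bvideo\b", body, re.IGNORECASE) and urls):
        reasons.append("breaking-news video lure")

    return {"subject": subject, "urls": urls, "reasons": reasons,
            "suspicious": bool(reasons)}


def check_landing_page(html: str) -> Dict[str, object]:
    """Flag a 'video' page that offers an executable as a required codec."""
    urls = extract_urls(html)
    exe_links = [u for u in urls if urlparse(u).path.lower().endswith(EXEC_EXT)]
    codec_pitch = re.search(r"\bcodec\b", html, re.IGNORECASE) is not None
    return {"executable_links": exe_links, "codec_pitch": codec_pitch,
            "suspicious": codec_pitch and bool(exe_links)}


# --- constructed samples -------------------------------------------------
SAMPLE_LURE = """From: "Breaking News" <alerts@example.invalid>
To: user@example.test
Subject: Why did it happen in your city?
Content-Type: text/plain; charset="us-ascii"

At least 12 people have been killed in a bomb blast near a market.
Watch the Reuters video here:
http://reuters-news-video.example.invalid/watch.php?city=Amsterdam
"""

SAMPLE_BENIGN = """From: editor@example.test
To: user@example.test
Subject: Weekly reading list
Content-Type: text/plain; charset="us-ascii"

Good piece on markets this week from Reuters:
https://www.reuters.com/markets/example-story
"""

SAMPLE_LANDING = """<html><body><h1>Breaking: explosion in Amsterdam</h1>
<p>To play this video you need to install a special codec.</p>
<a href="http://reuters-news-video.example.invalid/flash_codec_update.exe">Download codec</a>
</body></html>"""

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, score_message(raw))
    print("landing", check_landing_page(SAMPLE_LANDING))
```

The host check deliberately compares whole labels rather than using a substring test, because a lure domain can embed the legitimate brand name anywhere in its hostname; the landing-page check is independent of the mail check so it can also be applied to URLs reported by users or pulled from proxy logs.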
Given how easy it is to geolocate a non-proxied PC from its IP address, it's surprising the technique has not been used more
often in the past.
"You'll notice that the hackers did not do a brilliant job in their wording - which might ring alarm bells in some people.
But I wonder how many others would be blind to such a clue, and just click on the video regardless?" said Graham Cluley of
Sophos.