New Trojan Operates on Sympathy for London Attacks

July 12, 2005
Virus claims to be amateur movie clips from London bombings

After the 9/11 attack against the World Trade Center in New York F-Secure started to see malware that used the tragic events in an attempt to trick users into running malicious attachments. After only two weeks after September 11, the e-mail worm W32/Vote.A@mm was found and exactly a year after the event another e-mail worm, W32/Chet@mm, was found. While Vote.A didn't spread very well, the Chet worm was widespread and forced us to issue an F-Secure Radar 2 warning.

Unfortunately we've already found the first trojan that tries to exploit the London bombings. It's arrives as an attachment in e-mail messages looking like this:

The ZIP file contains the file "London Terror Moovie.avi <124 spaces> Checked By Norton Antivirus.exe'. F-Secure detects the trojan as 'SpamTool.Win32.Delf.h' with the update [2005-07-11_01]. Also, a hoax e-mail looking like it's coming from the British Red Cross have been reported from Australia. The Australian Red Cross has a notice up about this hoax on their website: http://www.redcross.org.au/default.asp.