New Trojan Operates on Sympathy for London Attacks

Virus claims to be amateur movie clips from London bombings
Related To: 
July 12, 2005
A new email claiming to enclose a .zip file with video from the London bombings is a harmful Trojan.
A new email claiming to enclose a .zip file with video from the London bombings is a harmful Trojan.

After the 9/11 attack against the World Trade Center in New York F-Secure started to see malware that used the tragic events in an attempt to trick users into running malicious attachments. After only two weeks after September 11, the e-mail worm W32/Vote.A@mm was found and exactly a year after the event another e-mail worm, W32/Chet@mm, was found. While Vote.A didn't spread very well, the Chet worm was widespread and forced us to issue an F-Secure Radar 2 warning.

Unfortunately we've already found the first trojan that tries to exploit the London bombings. It's arrives as an attachment in e-mail messages looking like this:

The ZIP file contains the file "London Terror Moovie.avi <124 spaces> Checked By Norton Antivirus.exe'. F-Secure detects the trojan as 'SpamTool.Win32.Delf.h' with the update [2005-07-11_01]. Also, a hoax e-mail looking like it's coming from the British Red Cross have been reported from Australia. The Australian Red Cross has a notice up about this hoax on their website: http://www.redcross.org.au/default.asp.
Sign up for our eNewsletters
Get the latest news and updates

Related

Editor's Note: Any Self-Identified Dealers Left? (Revisited)
SMBs Push Ahead in Cybersecurity Leadership
Say Goodbye to Paper: The All-in-One Solution for System Integrators
Sponsored
The End of Guesswork: Perfect Camera Placement, Every Time
Sponsored

Voice Your Opinion!

To join the conversation, and become an exclusive member of Security Info Watch, create an account today!