Bomb Threat SPAM

Cybercriminals are using cleverly crafted SPAM messages to get you to click on a link that supposedly takes you to a Reuters video of bomb blasts in your area.

I say cleverly crafted because the email will change based on where your IP address is located. For instance, I received one with a subject line of, “Are you and your friends okay?”

When I clicked on the link (yes, as part of my research), I saw a webpage that showed the Reuters logo with, “Powerful explosion burst in Chicago this morning”. There’s a graphic to see the video with text below that reads, “At least 12 people have been killed and more than 40 wounded in a bomb blast near market in Chicago. Authorities suggested that explosion was caused by “dirty” bomb. Police said the bomb was detonated from close by using electric cables.”

Scanning through our logs of SPAM for our clients using The Box, we’ve been able to see how the message refers to a different major nearby city depending on where the client receives their email.

The video will install some malware via a download. We’ve identified the trojan as a strain of Waled or Waledac, depending on your AV.

Other subject lines we’ve seen are: “Take Care!”, “At least 18 killed in your city” (which is interesting as all the emails we’ve seen state that 12 have been killed), “I hope you are not in the city now”, “Bomb blast near you” and a host of others.
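A triage filter built from the indicators above, as an added example that is not part of the original post or of The Box: it flags messages whose subject matches the quoted lines and pulls the city out of the lure headline. The sample messages, the city Denver, the `news.example` URL, the verdict names, and the assumption that the headline text also appears in the message body are constructed for illustration.

```python
import re
from email import message_from_string

# Subject lines quoted in the post, lower-cased with punctuation removed.
SUBJECTS = {
    "are you and your friends okay",
    "take care",
    "i hope you are not in the city now",
    "bomb blast near you",
}
# "At least 18 killed in your city": any count is accepted (assumption).
KILLED_RE = re.compile(r"at least \d+ killed in your city")
# Lure headline from the post; only the city name varies per recipient.
HEADLINE_RE = re.compile(r"powerful explosion burst in (.+?) this morning", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)

def normalize_subject(subject):
    """Lower-case, drop Re:/Fwd: prefixes and punctuation."""
    s = re.sub(r"^(\s*(re|fwd?)\s*:)+", "", subject or "", flags=re.I)
    s = re.sub(r"[^a-z0-9 ]+", "", s.lower())
    return " ".join(s.split())

def text_of(msg):
    """Concatenate the text parts of a parsed message (no transfer decoding)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_maintype() == "text")

def classify(raw):
    """Return (verdict, city) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    subject = normalize_subject(msg["Subject"])
    body = text_of(msg)
    headline = HEADLINE_RE.search(body)
    hit = subject in SUBJECTS or bool(KILLED_RE.fullmatch(subject)) or bool(headline)
    has_link = bool(URL_RE.search(body))
    # An indicator plus a link is held; an indicator alone goes to a human.
    verdict = "pass" if not hit else ("quarantine" if has_link else "review")
    return verdict, headline.group(1) if headline else None

# Constructed sample messages (not taken from real traffic).
SAMPLES = [
    "Subject: Are you and your friends okay?\n\nPowerful explosion burst in Chicago this morning\nhttp://news.example/video\n",
    "Subject: Re: Take Care!\n\nPowerful explosion burst in Denver this morning\nhttp://news.example/video\n",
    "Subject: Take care\n\nSee you Monday.\n",
    "Subject: Quarterly report\n\nDraft attached.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

Grouping the extracted city by recipient site is what makes the geo-targeting visible: the same template shows up with a different city for each location.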

We’ve reported before on how cleverly cybercriminals use hype and fear as social engineering to get people to want to click on their links. When the links are clicked, systems become infected.

Cyber threats such as these will continue as long as they’re successful at hooking at least a few million people. Hackers are making good money through their craft and will not stop. Using extreme fear and directing visitors to infectious websites will always be a tactic they pull out every once in a while. This will die down, and then in another few months they’ll use some other alarmist strategy and infect some more computers.

That’s what they do.