People are always curious about different theories on tragedy, especially those involving airplanes or ship accidents. In fact, even after the Titanic sank decades back, hundreds of books were published and movies developed based on expert views. Malicious software authors use information related to similar tragedies to entice recipients into clicking on virus-laden links. We mentioned one such example of this in our blog last year after the earthquake in China in June 2008.
In a new spam campaign, recipients are lured by contradicting information published by a news agency regarding 9/11 Pentagon damage. Users are encouraged to spot a plane in the pictures, which are included in the email. They are also supplied with a URL link to access more information. This link redirects users to a hijacked website that will point to an HTA file (a program that can be run from an HTML document). When users execute this HTA file a download of several binaries is initiated onto the user machine. Symantec antivirus detects the main binary as Backdoor.Trojan. The "sender" information has also been spoofed so that the message appears as if it was sent by a trusted news agency.
For now, we are monitoring these attacks to check other variations and will keep readers updated with related information. Users are advised to not hastily open unanticipated HTA files, especially those that are received from an unexpected sender.
Here is a sample image of the message:
* Email body modified