The biggest news flashes for the last 48 hours involve reports of the devastating earthquake that struck near the coast of Chile, along with the tsunami threat to the Pacific region. As the extent of the damage due to the disaster remains unclear, people are eager to seek more information about the quake from any means possible.
Symantec has observed spammers trying to capitalize on the disaster headlines by sending out virus attacks less than a day after the quake. Below is a sample message:
Subject: Terremoto no Chile
Subject: Earthquake in Chile
In this message, spammers are using earthquake-related subject lines to lure recipients to open the email, which includes snippets of earthquake news in the body of the message. An image of a collapsed building, purportedly a still image from a video embedded in the email, actually opens malicious code that is detected as a downloader by Symantec. Once recipients click on the video capture, the malware will download. The image file (hxxp://www.<removed>/queimadas1.jpg) is detected as Suspicious.Dloader.
The message body is loosely translated as:
Nearly seven hours since the occurrence of the earthquake of 8.8 magnitude that hit the central region of Chile in the early hours of this Saturday (27), the Department of Real Affairs reports that have failed to contact the embassies.
See footage of the earthquake in Chile that causes damage and poor value judgments.
We would like to remind our readers that spammers will quickly target any recent or noteworthy events that are easily used to pique the curiosity of innocent users. The intent of this exercise is that of surprise, hoping that computer users interested in reading the news headlines may be caught off guard. Recipients should be vigilant and keep a keen eye out for this type of sensationalist spam email to avoid malicious attack.