I must admit that I was puzzled for a second when I saw an email with a suicide note as a subject line in my spam inbox. I wondered what product they might try to sell with that note or which drive-by download site might be hidden behind it. So, I opened it. The email was actually written like a real suicide note.
In the text of the message, a young Swiss guy explains that he has had enough with the world and that he has given up his painful fight against the Russian cyber-criminals. With some side notes, he explains that he had at least profited a little from their own tricks and was able to transfer some cash for himself from Swiss online banking accounts. Of course, he explains, all in the name of the greater good.
The mail then takes a tangent and tells a story about him catching his girlfriend red-handed with another guy, which finalized his decision of ending his life and the life of the two newly lovers as well. The mail included a couple of links to some other Web sites and the full post address of the person in question. This read as a very sad note and I was somewhat concerned because obviously things like this do unfortunately happen.
The astonishing part was not that the address (which did exist) was just five minutes away from my office, but rather that the linked URL was actually a Swiss security blog that I have previously read myself. I remembered that that guy indeed talked quite often about Trojan.Wsnpoem & Co. and that his blog had been offline due to DoS attacks for a few days.
But, as seems to be the case with most spam, it smelled fishy and a couple of checks confirmed that this was actually a classical “Joe Job,” where someone sends spoof emails aimed at tarnishing the reputation of the apparent sender. However, in this case there was a rather new implication used.
Despite the fact that the email text stated "when you read this, it's already too late," several dozen people called the appropriate police to report a possible suicide attempt. Because the police have to investigate these cases, they went to the apartment in question and rang the doorbell enough to rouse the poor 21 year-old guy out of bed at 2:00 a.m. in the morning. After the unpleasant awakening he had further problems in that he needed to explain himself and convince the officers that it was not really him who sent the emails, but some spammer—definitely not my favorite thing to do that early in the morning.
It is believed that some spammer got upset about this guy’s Web site that revealed certain tricks and enlightened others in order to prevent more people from falling victim to the spammed Trojans. In other words, this security blog messed up the profits of the spammers, so they came back with revenge. I haven’t seen the log files, but that scenario sounds like the most plausible to me.
It's neither new nor uncommon to get threats from malicious code writers if you work in the security industry. There have been numerous cases, from death threats to harmless notes. Anyone remember this friendly note?
But, the twist with the fake suicide note was a new one to me, and a sick one as well. Maybe it has something to do with the fact that we no longer just deal with a virus creator's ego that we might have hurt by stepping on his or her toes. Nowadays we often talk about stopping real cash flows, which might really upset some people. I wouldn't be surprised if they came up with more new sick twists. So, if you should ever get a suicide note from me, please call me directly and let me explain first. ;-)