Symantec Blogs: Security Response

Kelly Conley | August 29th, 2008

Notice! The virus-spreading spammer doesn't have your baby but is claiming to. In recent emails observed by Symantec, malicious code is being spread by hoax emails claiming to have pictures of your hijacked [sic] baby. The Subject line makes the claim that someone has "hijacked" your baby and the attachment on the message is not a photo, but rather a zip file containing a downloader:


Subject: We have hijacked your baby
Content-Type: application/zip;        name="photo.zip"


The body will look similar to the following:


"Hey We have hijacked your baby but you must pay once to us $50 000. The details we will send later...
We has attached photo of your fume"


The email comes with an attached zip file called "photo.zip," which...

Candid Wueest | August 27th, 2008

I must admit that I was puzzled for a second when I saw an email with a suicide note as a subject line in my spam inbox. I wondered what product they might try to sell with that note or which drive-by download site might be hidden behind it. So, I opened it. The email was actually written like a real suicide note.

In the text of the message, a young Swiss guy explains that he has had enough with the world and that he has given up his painful fight against the Russian cyber-criminals. With some side notes, he explains that he had at least profited a little from their own tricks and was able to transfer some cash for himself from Swiss online banking accounts. Of course, he explains, all in the name of the greater good.

The mail then takes a tangent and tells a story about him catching his girlfriend red-handed with another guy, which finalized his decision of...

Kelly Conley | August 20th, 2008

In the past few days Symantec has observed virus spam masquerading as news articles regarding the current Georgia-Russia conflict. We felt it was important to blog about this because this particular event is garnering a lot of media attention and holds a very high profile. Because of this, there is an extremely high potential for the spreading of malicious code by spam email using information on this event as a lure.

The messages themselves contain an attachment, along with instructions and passwords for the download of the attachment. The subject line appears to be a legitimate news story about the Russia/Georgia conflict. One subject line that has been seen reads: “Subject: Journalists Shot in Georgia.” A short description of a “news event” related to the Russia-Georgia conflict is contained within the body of the message.

The use of the attention-grabbing subject line seems to be intended as a social engineering tactic to entice recipients to click the link...

Kelly Conley | August 5th, 2008

As we enter August, Symantec takes note in the State of Spam Report that spammers are continuing to attempt to entice users to open their messages by sensationalizing false news events. Popular targets of this headline or tabloid spam include current public events and figures, such as Obama and McCain.

In July, some of the subject lines observed were:

  • Beijing Olympics cancelled
  • Beijing postpones Olympics due to McCain-Dalai Lama meeting
  • Mccain Says Unsure If Obama A Secret Hippopotamus
  • Kick-up - Obama speaks in London - video

In the samples observed, the URLs were hosting malicious code (malware). There is a...