Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Malware Using the News

A recent worm is using breaking news to peak your interest. Don’t fall for it.

Become a Patron of Ask Leo! and go ad-free!


This is Leo Notenboom for

This week millions of email users began receiving email with subject lines
relating to current and breaking news, such as “230 dead as storm batters
Europe” accompanied by an attachment with a promising name like “Full

Regardless of the subject of the email or the name of the attached
executable, it’s a worm. Apparently it’s become one of the larger outbreaks in
recent years.

What’s new about this particular worm is its use of social engineering and
current events to entice you to open its attachment. More commonly in the past
email borne malware has been fairly generic, with standard and often easily
recognizable come-ons or fractured English. This new breed of malware takes
some news event – often while it’s happening, as in the case of the European
storm – and relies on people’s intense interest in the story to get them to
forget about their normal caution regarding attachments.

Other versions I’ve seen this week have been even more provocative by
building on, or even fabricating, news based on current events. “Sadam Hussein
safe and sound!” with an attachment “Full Text.exe”. This example simply makes
up news that is so sensationalistic based on the recent execution of the former
Iraqi leader that it almost begs to be opened. Or “Russian missile shot down
USA aircraft.” with an attachment “Read More.exe”. This is based on China’s
recent successful test, shooting down one of their own satellites with a ground
based missile. I’ve now seen several versions of that headline with more and
more changes: who shot the missile varied; who’s satellite was shot down
changed; even wether it was a satellite, a plane or something else entirely was
different in different versions of this worm.

The only thing they had in common was that they were primarily a headline
with an executable attachment whose name promised more.

And if you open the attachment, you’ll get more alright – just not the more
you were expecting.

All this should serve as a reminder to us all that email based malware is
out there, and sometimes they can look pretty darned enticing.


Breaking news isn’t going to get distributed by random email from people
you’ve never heard of. And even if it is from a familiar name, it’s still best
to avoid it. There are plenty of places on the web where you can go and ask for
the latest headlines. Not only will they be accurate, but they won’t infect
your computer with who knows what.

I’d love to hear what you think. Visit and enter 11087 in the go
to article number box and leave me a comment. While you’re there, search over
1,000 technical questions and answers on the site.

Till next time, I’m Leo Notenboom, for

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

3 comments on “Malware Using the News”

  1. Useful warning and quite a good idea to add the transcript: for non English mother tongue it makes understanding sure without re-listening while improving the capability of listening. Just a minor shortcoming, I had to open two windows to keep the transcrip on the screen.

  2. Leo, why and how (not too detailed) do people make these viruses and worms? How do get distributed so widely? Are people forwarding them? Is there some database of emails that malicious people have. What do they gain by sending worms and viruses? Thanks.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.