A recent worm is using breaking news to pique your interest. Don’t fall for it.
This is Leo Notenboom for askleo.info.
This week millions of email users began receiving email with subject lines
relating to current and breaking news, such as “230 dead as storm batters
Europe” accompanied by an attachment with a promising name like “Full
Regardless of the subject of the email or the name of the attached
executable, it’s a worm. Apparently it’s become one of the larger outbreaks in
What’s new about this particular worm is its use of social engineering and
current events to entice you to open its attachment. More commonly in the past
email-borne malware has been fairly generic, with standard and often easily
recognizable come-ons or fractured English. This new breed of malware takes
some news event – often while it’s happening, as in the case of the European
storm – and relies on people’s intense interest in the story to get them to
forget about their normal caution regarding attachments.
Other versions I’ve seen this week have been even more provocative by
building on, or even fabricating, news based on current events. “Sadam Hussein
safe and sound!” with an attachment “Full Text.exe”. This example simply makes
up news that is so sensationalistic based on the recent execution of the former
Iraqi leader that it almost begs to be opened. Or “Russian missile shot down
USA aircraft.” with an attachment “Read More.exe”. This is based on China’s
recent successful test, shooting down one of their own satellites with a
ground-based missile. I’ve now seen several versions of that headline with more and
more changes: who shot the missile varied; whose satellite was shot down
changed; even whether it was a satellite, a plane or something else entirely was
different in different versions of this worm.
The only thing they had in common was that they were primarily a headline
with an executable attachment whose name promised more.
And if you open the attachment, you’ll get more alright – just not the more
you were expecting.
All this should serve as a reminder to us all that email-based malware is
out there, and sometimes it can look pretty darned enticing.
Breaking news isn’t going to get distributed by random email from people
you’ve never heard of. And even if it is from a familiar name, it’s still best
to avoid it. There are plenty of places on the web where you can go and ask for
the latest headlines. Not only will they be accurate, but they won’t infect
your computer with who knows what.
I’d love to hear what you think. Visit askleo.info and enter 11087 in the go
to article number box and leave me a comment. While you’re there, search over
1,000 technical questions and answers on the site.
Till next time, I’m Leo Notenboom, for askleo.info.
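The one trait every version described above shares, a headline with an executable attachment whose name promises more, is something a mail filter can check mechanically. The following is an added example, not part of the original transcript: the function names, the extension list and the sample messages are assumptions constructed for illustration, using the subject and attachment names quoted above.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (an assumed starter blocklist, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def executable_attachments(raw_message):
    """Return the filenames of attached parts whose final extension is executable."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():                      # walk() also reaches nested multiparts
        name = part.get_filename()
        if not name:
            continue
        # Only the last extension decides how the file opens, so "Story.txt.exe"
        # is an executable; Windows also ignores trailing dots and spaces.
        cleaned = name.strip().rstrip(". ").lower()
        if PurePosixPath(cleaned).suffix in EXECUTABLE_EXTS:
            flagged.append(name)
    return flagged

def build_sample(subject, filename, payload=b"constructed placeholder bytes"):
    """Build a constructed test message: a headline plus a single attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = subject
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    samples = [
        ("230 dead as storm batters Europe", "Full Text.exe"),   # pattern from the transcript
        ("Breaking story", "Read More.txt.exe"),                 # constructed double extension
        ("Quarterly numbers", "report.pdf"),                     # constructed benign control
    ]
    for subject, filename in samples:
        hits = executable_attachments(build_sample(subject, filename))
        print(f"{subject!r}: {'QUARANTINE ' + str(hits) if hits else 'deliver'}")
```

The check ignores the subject line on purpose: the headlines changed from version to version, while the executable attachment did not.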
3 comments on “Malware Using the News”
Useful warning and quite a good idea to add the transcript: for non-English mother tongue it makes understanding sure without re-listening while improving the capability of listening. Just a minor shortcoming, I had to open two windows to keep the transcript on the screen.
Leo, why and how (not too detailed) do people make these viruses and worms? How do they get distributed so widely? Are people forwarding them? Is there some database of emails that malicious people have? What do they gain by sending worms and viruses? Thanks.
Ashrey: even a short answer to that one is long. I’ll try and post a full article on that some time.