Beware Of Osama Bin Laden Trojan

A spam e-mail that attached pictures of a captured Osama bin Laden but carries a malicious trojan in the attachment has been spreading recently.

Millions of copies of various versions of the e-mail were mass-mailed on Thursday, June 2, 2005. All versions of the message announced that the al-Qaida leader had been seized and included an attachment called "pics" that, when opened, attempted to download a worm to the victim's PC. If the download is successful, the worm will attempt to start propagating by e-mailing itself to the names in the mailing list. It can also set the victim's computer up to be used as a relay for spam.

Part of one of the spam messages seen by F-Secure read: "Turn on your TV. Osama Bin Laden has been captured. While CNN has no pictures at this point of time, the military channel (PPV) released some pictures. I managed to capture a couple of these pictures off my TV. Ive attached a slideshow containing all the pictures I managed to capture."

Though the Osama bin Laden e-mail was widely spammed, neither McAfee nor F-Secure had seen many reports of the worm. That indicates that most people are identifying the suspicious spam or blocking it.

This is not the first time Osama bin Laden's name has been used in an attempt to trick users to open a malicious file. Last year, a message claiming to contain pictures of the al-Qaida leader committing suicide surfaced in Internet news groups. The supposed picture file launched a Trojan to hijack the user's PC.

Source