Trojans posing as rare Saddam Hussein execution videos

In keeping with their practice of tailoring malware-toting email to current events, malicious users are mass mailing what they claim is a rarely seen video of the execution of Saddam Hussein.

Researchers at F-Secure have found three pieces of Hussein-related malware embedded in the emails, named video_sadan.exe, saddam.morto.scr and sadan.exe. The three files are actually the viruses W32/Banload.BSW, W32/Banload.BSX and Trojan-Downloader.Win32.Delf.ACC, according to the Helsinki-based anti-virus firm.

Two of the malware samples, Banload.BSW and Delf.ACC, open a YouTube page with the search term "enforcado" - the Portuguese word for execution - already entered, according to a post on F-Secure's weblog by Mikko Hypponen, chief research officer.

"This technique has been around for years," Hypponen told SCMagazine.com. "For example, we've seen several 'Osama bin Laden caught, check the pictures in this attachment' types of email attacks previously."

Experts have long warned that spammers are adept at quickly creating malicious emails to take advantage of current - and sometimes tragic - events.

Ron O'Brien, senior security analyst at Sophos, told SCMagazine.com today that casual users will eventually see more malicious emails linking to YouTube.

"This is what I would consider a view into the future. Obviously, YouTube is very highly regarded by the majority of its users as a safe environment," he said. "So it's really not surprising that someone would try to include it in a spam campaign."

The malicious users behind the morbid malware have financial motivations, according to O'Brien.

"I have seen four different forms of malware that are part of what you would consider a spam campaign going out, and it looks like they're all trojans and they all have the intent of stealing bank information," he said. "It's social engineering. People hear about the pictures and (malicious users are) trying to entice them."
