Websense Security Labs has detected a new spam campaign that uses a news item relating to a bomb explosion.


The new variant uses logos and images from the Reuters news agency to make the fake report look legitimate. The user receives an email that claims that there has been a bomb attack and a link that directs them to a domain disguised as Reuters.


The user is then encouraged to view a video supposedly related to the news report, and when they click on the video or the link below the video, they are advised to download the latest version of Flash Player. This leads to the download of the Waledac variants.

The theme includes legitimate links corresponding to Wikipedia and Google which are presented in a ‘Related Links' section of the attack websites. Those legitimate links are used to target unsuspecting users in order to increase chances of success with the attack.


The scammers are using IP address geolocation techniques to figure out which city the recipient lives in and are localising the fake bomb news to that location.