Classmates malware attack poses as school reunion invite

Filed Under: Malware, Spam

Remember the days of the old school yard? You may prefer to forget them, but many people are nostalgic for the days of grazed knees, poor food and double geography.

A new malware campaign seen in the last few days plays on the popularity of websites like Classmates.com and FriendsReunited, by posing as an invitation to an imminent school reunion.

A typical malicious email posing as a Classmates school reunion invitation

Part of the email reads:

" With pride and joy we invite you to share a special day in our lives and join us for the Class Reunion on Friday, January 16th 2009.
Bring the gang from Our High School back together again!
Great party - from start to finish! "

Subject lines used in the malware campaign have included:

Friends waiting for your visit! Classmates
Classmates Reunion Soon - Your classmates Day
Classmates Reunion - Classmates Reunion - Special Preview Invitation
Classmates invitation - Reunion party Greeting Card.
Classmates Organiser Warning - Meeting high school and junior college classmates
Classmates Reunion Soon - [Class Reunion] Save the Date
This month we have chosen Reunion Day - January 2009!
Classmates Reunion Soon - Your classmates Day New Date.
Classmates Personal Invitation: Custom invitation
Invitation to preview new Reunion Classmates.
Important Classmates Day's 2009

Clicking on the link doesn't of course take you to the real Classmates website, but a bogus site which tries to fool you into installing an update to Adobe Flash to view a video invitation to your school reunion. Of course, the update is really a malicious Trojan horse designed to compromise your computer.

With many people returning to the office after the holiday break there is a danger that some will click on the link without thinking as they plough through their inboxes.

As ever, be wary of unsolicited emails, and if you are going to update software and plugins on your computer make sure you are getting those updates from the real, legitimate producer of the code, not a third party website that a hacker could have set up.

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.