Spammed-out Japanese Tsunami video links lead to malware attack

Filed Under: Malware, Social networks, Spam, Twitter

Experts at SophosLabs have intercepted a malware campaign that has been spammed out to users across the globe, posing as links to videos about the Japanese Tsunami.

Examples caught in Sophos's network of spamtraps have used various different wording for the video links, including: "VIDEO: The village that escaped the tsunami", "VIDEO: Struggle for normal life in Japan", "VIDEO: Woman talks about tsunami escape", and "Japan tsunami touches New Zealand".

Other malicious emails related to Japanese Tsunami

Fortunately the emails are pretty amateurishly assembled, as you can see in the following example, but such is the public's interest in watching the news from Japan that some may be temped into clicking on the links out of curiousity.

Japanese Tsunami malware email

The webpages linked to from the emails contains malicious Javascript (detected by Sophos as Troj/JSAgent-P) and a Java Applet (detected as Troj/JavaDl-BL) which attempt to exploit the CVE-2010-0840 vulnerability in the Java Runtime Environment.

Although the above emails may look a little suspicious because of their unprofessional layout, we have also seen some of the dangerous links emailed out as though they were Twitter notifications.

Japanese Tsunami-related malware attack posing as a Twitter notification

Our advice remains the same - keep your anti-virus software up-to-date, install the latest security patches, and if you're looking for news about the disaster in Japan, go to the legitimate news websites.

Scammers and cybercriminals feast upon natural disasters such as the earthquake and tsunami in Japan in their desire to make money and infect computers.

, , , ,

You might like

One Response to Spammed-out Japanese Tsunami video links lead to malware attack

  1. Net · 1292 days ago

    Any way/where the malicious links could be posted? I'd like to block these but can't when everything is blurred out of every article...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.