No, the BBC isn’t telling you about a gay video of the Georgian President

I would have written about this at the end of last week, but I was fortunate enough to take a long weekend holiday in Italy watching the craziness of the Palio in Siena. Anyway, as we’ve been covering other aspects of the Georgia-Russia cyberspace conflict (such as denial-of-service attacks, website defacements, and malicious spam posing as news reports) it seems worth documenting this one too.

Following earlier malware campaigns posing as breaking news reports from CNN and MSNBC, we saw spam at the tail end of the week pretending to come from the BBC.

The emails, clearly not originating from a supporter of the government of Mikheil Saakahvili, claim that the Georgian leader has been caught in a homosexual video. Even if you think the story is highly unlikely, some might consider that the video will be a joke, or a piece of juvenile but topical satire, and risk following the link.

georgia-message.jpg

Clicking on the link, however, leads the unsuspecting user not to a blurry videotape capable of scaring Tuscany’s finest racehorses, but to a Trojan horse: Troj/FakeAV-BP.

Customers who have deployed Sophos’s anti-spam products at their gateway were proactively protected from receiving the spam messages in the first place.