Sophos Cloud Optix
Just how sick in the head do you have to be if you’re a computer criminal?
We’ve seen them exploiting misery in all imaginable ways: from natural disasters such as tsunamis and hurricanes,to terrorist bombings and even mining accidents.
Today we saw a large amount of malicious spam claiming that the recipient’s baby child had been kidnapped, and demanding a $50,000 ransom.
Of course, if you were foolish to look at the “photos” you would be opening up your Windows PC to a malware infection by the Troj/Resex-Fam Trojan horse, which then downloads further malicious software from the internet.
Before you know it hackers have taken control of your PC, and are stealing your identity, or using your computer as a spam relay, or launching distributed denial-of-service attacks, or – indeed – all of the above!
The email claims that your baby has been kidnapped.
More information about this attack can be found in the advisory we posted on the Sophos website, and on the SophosLabs blog.
This should be a reminder to everyone – even if a trick seems disgusting and beyond belief, it’s not too low for a hacker to consider using. It’s all very depressing, but sadly not at all surprising.
To try and cheer myself up, I’ve illustrated this blog story with a screen capture of an old DOS game from yesteryear – “Bouncing babies”. It’s a distant reminder of the halcyon days before we had to worry about email attacks, before we were troubled by spyware, and when sunshine was a regular fixture of the English summer.
… it just sounds so casual "hey we have kidnapped your baby"
Seriously.
Who talks like that?
If they wanted it to sound real they could at least TRY to make it sound scary
I think there is some presumptuousness on the part of some spammers/hackers about how English is typically used, as well as a poor grasp of proper grammar. “We have hijacked your baby”. M’kay…….
They've even attached a picture of your fume.What's a fume?
The only meaning for "fume" that I know of is either "to fume" meaning to be angry or "fumes" meaning foul smelling gaseous emanations of a fire or other source.
Do you have to call them a hacker?
I agree, cybercriminal != hacker. When this article was written in 2008 when the term hacker had more of a negative conatation. Hindsight!
"hacker" should still have a negative connotation to all regardless of the purported motives of those who are executing the hacks. All hackers are deviants who seek to harm you, even those who pretend that they are doing it to help someone else. All criminals conjure excuses for their behavior in the effort to solicit supporters and defenders. Don't be fooled. They are still deviants.
Hey you reading this! I have taken control of your Blackberry/iPad/iPhone/Delete as Appropriate/Other.
Yes you know who you are, sitting there reading this stuff, oh yeah! I'm going to sell nude pictures of you I got whilst I took over your webcam when you were erm… nude.
I'm sure no-one would fall for the nonsense I have written above; therefore I can't imagine why someone would rush to open the picture sent with an email claiming to have kidnapped their baby. It just doesn't make sense to me. I don't know about the rest of the world, but where I come from babies are usually supervised or at least within view of someone who normally doesn't have kidnapping tendencies.
Where I come from, babies kidnap hackers.
They hardly tried to make it realistic…
I can't imagine anyone falling for it..
Oh I see and so true – I get email discussing another subject, yet lured to to see porn or the phishing email to click the attachments, when they could of wrote on the page.
its simple
people will download that file open it and their pc gets infected.
They want to kidnap my kids? Good. They’ll return them in 6 hours.
Hijacked? Hijacked!? Actual laugh out loud moment. I think they meant kidnapped- it's a baby not a bus.