Spammed-out Japanese Tsunami video links lead to malware attack


Experts at SophosLabs have intercepted a malware campaign that has been spammed out to users across the globe, posing as links to videos about the Japanese Tsunami.

Examples caught in Sophos’s network of spamtraps have used a variety of wording for the video links, including: “VIDEO: The village that escaped the tsunami”, “VIDEO: Struggle for normal life in Japan”, “VIDEO: Woman talks about tsunami escape”, and “Japan tsunami touches New Zealand”.

Other malicious emails related to Japanese Tsunami

Fortunately the emails are pretty amateurishly assembled, as you can see in the following example, but such is the public’s interest in watching the news from Japan that some may be tempted into clicking on the links out of curiosity.

Japanese Tsunami malware email

The webpages linked to from the emails contain malicious JavaScript (detected by Sophos as Troj/JSAgent-P) and a Java applet (detected as Troj/JavaDl-BL), which attempt to exploit the CVE-2010-0840 vulnerability in the Java Runtime Environment.

Although the above emails may look a little suspicious because of their unprofessional layout, we have also seen some of the dangerous links emailed out as though they were Twitter notifications.

Japanese Tsunami-related malware attack posing as a Twitter notification

Our advice remains the same – keep your anti-virus software up-to-date, install the latest security patches, and if you’re looking for news about the disaster in Japan, go to the legitimate news websites.

Scammers and cybercriminals feast upon natural disasters such as the earthquake and tsunami in Japan in their desire to make money and infect computers.