Malware attack poses as bloody photos of Gaddafi’s death

GaddafiThe death of Libyan dictator Colonel Gaddafi has almost inevitably resulted in cybercriminals taking advantage of the news story, and the general public’s seeming interest in viewing ghoulish photos and videos of his last moments.

Malicious hackers have spammed out an attack posing as pictures of Gaddafi’s death, tricking users into believing that they came from the AFP news agency and are being forwarded by a fellow internet user.

A typical message looks like this:

Gaddafi malware attack

Subject: Fw: AFP Photo News: Bloody Photos: Libya dictator Moammar Gadhafi's Death

Message body:

Libya dictator Moammar Gadhafi's Death

Libyan dictator Moammar Gadhafi, the most wanted man in the world, has been killed, the country's rebel government claimed Oct. 20. The flamboyant tyrant who terrorized his country and much of the world during his 42 years of despotic rule was cornered by insurgents in the town of Sirte, where Gadhafi had been born and a stronghold of his supporters.

Attached file: Bloody Photos_Gadhafi_Death.rar

Windows computer users who decompress the attached file are putting their PCs at risk of infection. The RAR archive file creates a malicious file called:

Bloody Photos_Gadhafi_Death\Gadhafi?rar.scr

Sophos anti-virus products detect the malware proactively as Mal/Behav-103.

Although there has been much speculation in the media about the possibility of Gaddafi-related malware attacks and scams, this is the first one that I’ve seen since the death of Gaddafi made news headlines around the world yesterday.

Internet users would be wise to remember to be very careful about the links they click on, and to be suspicious of unsolicited attachments.