« Spotting an eBay Phish [Updated] | Main | Fake Quake Takes Cake »

June 18, 2008

Here is a new malware lure, using the same type of shock tactic that led many Aussies a couple of years ago to find out more about a false heart attack of then-PM Howard. This one claims to link to info about a new earthquake:

Subject: A new deadly catastrophe in China

Recent china earthquake kills million http://[removed].cn/

The web page contains all the fake details:

The image looks like a movie player, but it is just a dead image wrapped inside a link. Clicking the link downloads beijing.exe, a piece of malware that currently hits only 8 of 33 tests on VirusTotal.

I just received a second email message with different wording, but the same gist, leading to yet a different .cn domain. This is probably going to become widespread.

Don't fall for this one, kids. If you ever receive a message about a newsworthy item, check it first at cnn.com or your other favorite genuine news web sites. They may not always get it right, but if there is no news there about a 9.0(!) earthquake, you can be sure the unsolicited email message from someone you don't know is pure hokum, and can only lead to your own personal disaster (which also won't be in the news, despite ruining your computing life for awhile).