That’s right, and this time it’s not a hoax! Bin Laden was killed by a CIA-led operation on Sunday night at a mansion in Abbottabad, north of Islamabad. In 2004, Symantec reported a hoax email attack with the subject “Osama bin Laden Captured” which contain a link to a Web site that hosted malware. Similar attacks that used such false information about Osama Bin Laden were also distributed in 2005 and 2006.
News targeting famous/notorious personalities are often used in scams. At this moment, we at Symantec Probe Network are observing a huge inflow of legitimate messages carrying links to the news. However, in all likelihood, there will be an increase in spam volume targeting this news.
In one of the spam samples, the message is poisoned using the news of Osama’s death. The news snippet is glued in an HTML <title> tag which is invisible to the end user.
The link provided in the message has nothing to do with the news and directs the user to a promotion site as shown in the image below.
Another poisoned spam sample is a typical 419 scam message where the phrase “OSAMA IS DEAD” is used at the end of the subject line “Subject: GOODNEWS FROM ROBERT SWAN MUELLER III (OSAMA IS DEAD )”. Internet users may be curious enough to read each and every news item related to the operation carried out against Osama and its updates. So we expect to see messages like these where popular search terms are used to increase the curiosity of the user.
In a Portuguese spam sample, the message claims to show unseen footage at the time of Osama’s death. It seems that the spammer failed to add the malicious link in the message. Historically we’ve seen messages such as the one shown below perform malicious activity in the form of downloading binaries and infecting the computer. Below is the snapshot of the email and its translation.
News of Osama’s death and subsequent updates are closely followed on the Internet. We predict a rise in scam and malicious attacks over the next few days. We advise users to be cautious about opening unsolicited emails with this news as a subject. We are monitoring this trend and will keep our readers updated.
Thanks to Paresh Joshi, co-author of the blog.