Researchers from several security companies have identified new spam that uses news of a supposed terror attack to try to infect the unwary.
It starts with a spam e-mail about a supposed terror attack, with basic headlines like "Why did it happen in your city?" and "At least 18 killed in your city," according to Vnunet. There’s little in the mail itself, beyond a link to a fake news site.
But there’s still plenty of sophistication going on – the mail inserts the reader’s city into the title, increasing the likelihood of clicking on the link.
"They are using the city name of the user visiting the fake website and inserting this name into the website itself,"
McAfee researcher Micha Pekrul noted. "So the ‘breaking news’ gets even more attention, because when an attack happens in your home town, everyone would be anxious and curious."
Of course, anyone going to the phony site and trying to load the video there finds that it is in fact an .exe file, which brings in malware from the Waledac botnet.
Neither fake news stories nor geolocation are new tools for hackers, but this might be the first time they’ve been brought together.
- From pranks to nuclear sabotage, this is the history of malware
- Hackers hijacked traffic through Amazon servers for two hours, undetected
- What is fake news? How to spot it in an age of misinformation
- Facebook is on a fake-finding campaign before the next election
- 20 million Chrome users are fooled into downloading fake ad blockers