A new e-mail attack bearing the subject “Osama Bin Laden Captured” downloads a trojan onto the computers of recipients who click on a link promising additional details, according to antivirus vendor Panda Software. The scam spam provides a prime example of social engineering, masquerading as a news bulletin that, if legitimate, would generate click-throughs from a significant number of users. The text of the e-mail:
Subject: “Osama Bin Laden Captured”, Message text: “Hey, Just got this from CNN, Osama Bin Laden has been captured! Go to the link below to view the pics and to download the video if you so wish: (Internet address) “Murderous coward he is.” God bless America!”The URL takes the user to a page that contains code for a .chm (Compiled HTML Help) file that is auto-executed by Internet Explorer, and in turn downloads an executable trojan. Panda identifies the trojan as small.b, a family of trojans known to leave ports open so the compromised machine can be used for spam and other pass-through activity.