BOSTON -- IT security firm Sophos warns individuals of a social engineering phishing campaign that attempts to capitalize on the tragedy at Virginia Tech. Spam messages teasing camera phone footage of the Virginia Tech shootings have begun flooding inboxes worldwide. These messages, however, are infected with malware and could pose major problems if clicked through.
SophosLabs™, the company’s global network of high-security threat research centers, discovered the malicious spam earlier today through Sophos’s advanced behavioral genotype protection capabilities. The link within the spam messages points viewers to a file entitled ‘TERROR_EM_VIRGINIA.scr’. If downloaded, the link installs a banking Trojan on the users computer system and this Trojan can be used by cyber criminals to steal passwords, user names and account numbers.
“It is extremely disturbing that cyber criminals have so quickly jumped to exploiting this horrible tragedy. Unfortunately, it’s not that surprising,” said Ron O’Brien, senior security analyst with Boston-based Sophos. “We’ve seen similar behavior with other tragedies like Hurricane Katrina and the death of Pope John Paul II. Cyber criminals prey on the interest of concerned citizens hoping for the latest information on breaking news and, if history repeats itself, we’ll see this campaign continue until interest fades.”