IT security and control firm Sophos has discovered a widespread spam campaign that claims that a powerful explosion occurred at a nuclear power station located in the suburbs of London on the afternoon of September 9.
Samples intercepted by SophosLabs reveal that the emails claim to contain images in an attachment called victims.zip. In fact, clicking on the attachment will not open any pictures of the supposed explosion but will instead run a Trojan horse detected by Sophos as Troj/Agent-HQE. Once installed, the malware lets the hackers spy on the victim’s computer and steal information for financial gain.
"Rather than use a real life event, the hackers have turned to fictional explosions and conspiracy theories in the hope they will strike a nerve with potential victims who will then click on the attachment without a second thought," said Graham Cluley, senior technology consultant at Sophos.
"All computer users need to show some common sense and delete these messages. It would be some media conspiracy to cover up such a large explosion for two days! Alarm bells should be sounding, but until everyone wakes up to these social engineering tactics, the cybercriminals will continue to use them."
The emails arrive in the potential victim’s inbox with the subject line ‘Reply: A report on radiation contamination of Canada’, and the body of the message reads as follows:
‘On Internet forums there appeared messages of a powerful explosion at a United Kingdom nuclear power station located in the suburbs of London.
According to witnesses’ statements the explosion happened at about 3pm on the 9th of September. In particular, one resident of this town has made a call and had time to inform her relatives that connection in the town was being cut off in order not to let people phone somebody. She insists that the explosion really took place at the nuclear power station, and that it was a really powerful one, and now the radiation cloud is moving.
This information is being unofficially confirmed in public agents’ private conversations.
Besides, local residents place pictures of the explosion consequences and victims’ bodies in their blogs.
The photo’s attached to this email!
Send this email to your friends!’
Sophos customers have been protected against the malware since 21.50 on September 10. Sophos recommends all computer users ensure their anti-virus protection is up to date, and run a consolidated solution at the email gateway to defend against viruses and spam. For more information visit Graham Cluley’s blog at –