Security experts warn of 'terror attack' spam

The attacks are being sent out as spam messages which contain hyperlinks

A new malware scam is using fabricated reports of a terrorist attack to infect users. Researchers from several security firms, including McAfee and Sophos, said that the attacks are being sent out as spam messages which contain hyperlinks.

The attacks carry such headlines as 'Why did it happen in your city?' and 'At least 18 killed in your city'. The message itself contains little more than a short sentence and a link to a phoney news site.

The attack distinguishes itself, however, in the use of geolocation services which collect traffic data and insert the name of the recipient's city into the article, further increasing the chances that he or she will click on what appears to be a video file on the page.

However, rather than load a video, the page attempts to download an executable file on the target system. The file then infects the user with malware from the 'Waledac' botnet (also known as 'waled').

"They are using the city name of the user visiting the fake web site and inserting this name into the web site itself," said McAfee researcher Micha Pekrul in a blog post.

"So the 'breaking news' gets even more attention, because when an attack happens in your home town, everyone would be anxious and curious."

Neither tactic is particularly new. Malware writers have long taken to creating fake pages for news events, attacks and natural disasters, both real and fabricated, to spread their wares. Geolocating is also becoming a particularly effective tool in social engineering attacks.