Phishers using current events as bait

A couple of new phishing e-mails have emerged that use current events to lure victims to bogus Web sites where they are offered the opportunity to download malicious code or turn their money over to crooks.

The MX Logic Threat Center found e-mails using a lengthy account of victims' suffering to solicit charity for survivors of the earthquake in China's Sichuan province. 'Sometimes the depth to which spammers will stoop really sickens me,' said Sam Masiello, director of threat management at MX Logic. 'We've seen this type of scam before ' after Hurricane Katrina back in 2005 and the Indian tsunami in 2004 ' and now we are sure to see more scams over the coming weeks.'

Other e-mails attempt to capitalize on a less catastrophic event ' the release of Microsoft Windows XP Service Pack 3. The subject line suggests it is an important update and provides a link to download a patch for a high-priority vulnerability. The spelling of the originating address ' Micrisoft ' should be a dead giveaway. The 1M file is malware, of course, identified by MessageLabs as a variant of Virut, a virus that infects executable files and opens a back door to an Internet Relay Chat server.

The standard rules apply: Microsoft knows how to spell Microsoft and does not e-mail links for downloads and updates. And if you want to donate money to a good cause, choose the organization and initiate the transaction yourself ' don't respond to an e-mail solicitation.

About the Author

William Jackson is a Maryland-based freelance writer.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected