X

Scammers customize news to deliver you malware

Latest Waledac scam fakes bomb news in e-mail recipients' hometown and then links to malicious Web site that looks like a Reuters article.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills

Security experts warned on Monday of a new insidious e-mail scam that features false information about a bomb explosion in the recipient's hometown and leads to a malicious Web site.

The subject lines include "Take Care!" and "Are you and your friends in good health?" The e-mail includes a link to what looks like a news article on a Reuters page about the bombing. But the Web page and the news are fake, according to e-mail security provider Marshal8e6 and antivirus firm Sophos.

The scammers are using IP address geolocation techniques to figure out what city the recipient lives in and are localizing the fake bomb news to that location.

Meanwhile, clicking on the fake Reuters video page leads to malicious Waledac code being downloaded on the computer, the security firms said.

Earlier this year, the Waledac worm tricked people with fake Valentine's e-mails.

The fake page circulating now also includes Wikipedia and Google search links as "Related Links" at the bottom in an attempt to make the page look legitimate. However, missing words in the text of the story and poor grammar are giveaways that the page is fake.

Attackers are using IP address geolocation techniques to tailor fake news to the home town of the e-mail recipient in the latest Waledac scam. Marshal8e6