Malware criminals seem to never run out of tricks.
This time they seem to have concocted sensational (but fake) news about the current Iraqi conflict. Advanced Threats Researcher Paul Ferguson recently encountered the following spam mail:
Figure 1. Spam purporting to carry news about the latest Al Qaeda offensive.
The spam even goes on to discuss all the past diversionary (and equally terroristic) attacks allegedly linked to Osama Bin Laden and Al Qaeda, perhaps to raise the level of emotion required for users to throw all caution to the wind. After enumerating all these terrorist activities, the spam again includes the link it introduced in the first paragraph, along with the enticing promise of an interview appearance by Osama Bin Laden. Users are cautioned to not let their curiosity get the best of them.
However, the lack of user discretion has an ugly price: the link leads to an executable file named news_usama_video.exe. The video is not a video; it is TROJ_AGENT.AKNH, a variant of a Trojan family known for playing support roles for malware in a bigger multi-component attack against users.
The URL link and the executable are both blocked and detected, respectively, by Trend Micro Smart Protection Network. Trend Micro customers, especially those with a keen interest in current affairs and the tension in the Middle East, are safe from this attack.
Other users should always maintain a clear head when dealing with unsolicited email, regardless of content. Embedded URL links have always given malware criminals an easy way in to victimize PCs. It is best to set email applications to render all links in messages inactive and, in general, to treat all unsolicited email as suspect.
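A mail-gateway style check for the lure described above, as an added example that is not part of the original post: it extracts links from an HTML message, flags targets whose file name has an executable extension, and defangs them for reporting. The sender, host names, extension list and lure words are constructed assumptions; only the file name news_usama_video.exe comes from the post.

```python
import email
from email import policy
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import unquote, urlparse

# Assumed lists for illustration: directly executable extensions and media-style lure words.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
MEDIA_WORDS = ("video", "movie", "clip", "photo", "news")

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def defang(url):
    """Rewrite a URL so mail clients and ticket systems do not make it clickable."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def audit_message(raw):
    """Return one finding per link whose target file name has an executable extension."""
    msg = email.message_from_string(raw, policy=policy.default)
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    findings = []
    for url in collector.links:
        # Judge the path only, so a query string cannot hide the extension.
        name = PurePosixPath(unquote(urlparse(url).path)).name.lower()
        if PurePosixPath(name).suffix in EXECUTABLE_EXTS:
            findings.append({"url": defang(url), "file": name,
                             "media_lure": any(w in name for w in MEDIA_WORDS)})
    return findings

# Constructed sample message; hosts are reserved example domains.
SAMPLE = """\
From: news@example.net
Subject: Breaking news
Content-Type: text/html; charset="utf-8"

<p>Watch: <a href="http://media.example.com/files/news_usama_video.exe?id=7">video</a></p>
<p><a href="http://www.example.com/about.html">About us</a></p>
"""
if __name__ == "__main__":
    print(audit_message(SAMPLE))
```

The `media_lure` flag marks the mismatch this spam relies on: a file name that reads like media while the extension is executable.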
This is not the first time sensational (and bogus) content has been used in connection with spam and malware infection to attract victims: