Bogus news is old news. Whereas most email spam uses “original” subject lines and message bodies that are actually just made up, a new threat dares to be different. Detected by Trend Micro as TROJ_PROXY.AFV, it arrives as an attachment to spammed email messages that use real news headlines.
It uses any of the following subject lines:
- Law hits Las Vegas ‘fake’ bands
- Man Awakens From 19-Year Coma
- Re: U.S. violent crime up again, more murders, robberies
It also uses any of the following message bodies:
- Decade Of Mystery: John Ramsey Speaks
- Man wakes from 19-year coma in
- Poland US vows to pursue hunt for missing soldiers
- Password for submitted attachment is xxx
Except for one that is dated November 2006 (“Decade of Mystery: John Ramsey Speaks”), these headlines are of news items published early this month. The stories are from credible news organizations such as the BBC, CBS, ABC, and Yahoo! News. This calls to mind a NUWAR variant that parses the “Most Popular” section of CNN’s legitimate news site and lifts the sensational headlines, which it uses as subject lines in spammed email messages.
While this may suggest that spammers are getting too lazy to devise stories of their own, the observed technique in fact shows the new and enhanced avenues for social engineering that characterize the evolving threat landscape. Using news headlines is bound to work not only because the stories are gripping by themselves but also because they carry a veneer of credibility, making it harder for users to tell that the email messages carrying these headlines are actually malicious.
Users are therefore advised to read their news straight from the news sites and not to trust secondary sources, which in this case are the spammers.