June 3, 2005 5:07 PM PDT

Bin Laden Trojan quickly constrained

A spam e-mail that promises pictures of a captured Osama bin Laden but carries a malicious attachment has failed to spread widely, security experts said Friday.

Millions of copies of various versions of the e-mail were mass-mailed on Thursday, representatives from F-Secure and McAfee said. All versions of the message announced that the al-Qaida leader had been seized and included an attachment called "pics" that, when opened, attempted to download a worm to the victim's PC, the antivirus companies said.

If the download is successful, the worm will attempt to start propagating by e-mailing itself, said Craig Schmugar, virus research manager at McAfee. It can also set the victim's computer up to be used as a relay for spam, he said.

Part of one of the spam messages seen by F-Secure read: "Turn on your TV. Osama Bin Laden has been captured. While CNN has no pictures at this point of time, the military channel (PPV) released some pictures. I managed to capture a couple of these pictures off my TV. Ive attached a slideshow containing all the pictures I managed to capture."

Though the Osama bin Laden e-mail was widely spammed, neither McAfee nor F-Secure had seen many reports of the worm. "That indicates that most people are identifying the suspicious spam or blocking it," Schmugar said.

Ero Carrera, an antivirus researcher at F-Secure, agreed. "The initial numbers made us think that it could be a big outbreak, but in the end it was nothing more than just a big seed," he said, referring to a large number of initial spam messages.

This is not the first time Osama bin Laden's name has been used in an attempt to trick users to open a malicious file. Last year, a message claiming to contain pictures of the al-Qaida leader committing suicide surfaced in Internet news groups. The supposed picture file launched a Trojan to hijack the user's PC.

Saddam Hussein "death" photos have also been used as worm bait.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.