June 3, 2005 5:07 PM PDT
Bin Laden Trojan quickly constrained
Millions of copies of various versions of the e-mail were mass-mailed on Thursday, representatives from F-Secure and McAfee said. All versions of the message announced that the al-Qaida leader had been seized and included an attachment called "pics" that, when opened, attempted to download a worm to the victim's PC, the antivirus companies said.
If the download is successful, the worm will attempt to start propagating by e-mailing itself, said Craig Schmugar, virus research manager at McAfee. It can also set the victim's computer up to be used as a relay for spam, he said.
Part of one of the spam messages seen by F-Secure read: "Turn on your TV. Osama Bin Laden has been captured. While CNN has no pictures at this point of time, the military channel (PPV) released some pictures. I managed to capture a couple of these pictures off my TV. Ive attached a slideshow containing all the pictures I managed to capture."
Though the Osama bin Laden e-mail was widely spammed, neither McAfee nor F-Secure had seen many reports of the worm. "That indicates that most people are identifying the suspicious spam or blocking it," Schmugar said.
Ero Carrera, an antivirus researcher at F-Secure, agreed. "The initial numbers made us think that it could be a big outbreak, but in the end it was nothing more than just a big seed," he said, referring to a large number of initial spam messages.
This is not the first time Osama bin Laden's name has been used in an attempt to trick users to open a malicious file. Last year, a message claiming to contain pictures of the al-Qaida leader committing suicide surfaced in Internet news groups. The supposed picture file launched a Trojan to hijack the user's PC.
Saddam Hussein "death" photos have also been used as worm bait.