'Osama Captured' E-Mail Carries Trojan

Osama bin Laden has not been captured--but your PC might be if you attempt to open the Trojan horse this E-mail carries, security firms warn.
Osama bin Laden has not been captured, contrary to what millions of e-mails carrying a Trojan horse are saying, security firms said Friday as they warned users not to open the attachments bundled with the bogus message.

Since Thursday evening, U.K.-based BlackSpider Technologies has blocked more than a million messages containing the Psyme Trojan horse, the security company said in an e-mail.

The messages, which use several different subjects -- including "God Bless America!" and "Finally! Captured!" -- claim that Osama has been snatched, then goes on to say that while CNN or the BBC don't yet have footage, a military channel does. The attachment, the message continues, are images grabbed from that channel. The images are compressed and collected in a .zip file.

The Psyme Trojan is tucked into the .zip file, and when run, notifies the attacker that it's in place, and scans a number of pre-set URLs to download additional malicious code. Some of those URLs were still active as of Friday morning, according to a bulletin posted by the Finnish security vendor F-Secure.

Friday's fake message wasn't the first to evoke Osama's name in the hope of duping users into opening attachments. In July, 2004, for instance, a Trojan was packed with a message claiming that bin Laden had committed suicide.

Editor's Choice
Samuel Greengard, Contributing Reporter
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing