Since Thursday evening, U.K.-based BlackSpider Technologies has blocked more than a million messages containing the Psyme Trojan horse, the security company said in an e-mail.
The messages, which use several different subjects -- including "God Bless America!" and "Finally! Captured!" -- claim that Osama has been snatched, then go on to say that while CNN and the BBC don't yet have footage, a military channel does. The attachment, the message continues, contains images grabbed from that channel. The images are compressed and collected in a .zip file.
The Psyme Trojan is tucked into the .zip file and, when run, notifies the attacker that it's in place and scans a number of pre-set URLs to download additional malicious code. Some of those URLs were still active as of Friday morning, according to a bulletin posted by the Finnish security vendor F-Secure.
Friday's fake message wasn't the first to invoke Osama's name in the hope of duping users into opening attachments. In July 2004, for instance, a Trojan was packed with a message claiming that bin Laden had committed suicide.