Phishing Scam Exploits Virginia Tech Tragedy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Phishing Scam Exploits Virginia Tech Tragedy

Cybercriminals already are taking advantage of the tragedy at the Virginia school, sending out spam e-mails that lure people to download a Trojan designed to steal banking information.

Just a day after security researchers warned people to be alert for hackers and phishers exploiting the Virginia Tech tragedy, spam promising images of the shootings have begun spreading around the globe.

The spam e-mails carry a photograph of gunman Cho Seung-hui, who killed more than 30 students and teachers at the Virginia school on Monday before killing himself. The e-mails claim to link to a Brazilian Web site carrying movie footage of the campus shootings, according to researchers at Sophos. However, clicking on the link downloads a malicious screensaver file, called Terror_em_Virginia.SCR), which installs a piece of spyware that acts as a banking Trojan, which can be used to steal passwords, user names and account numbers.

"It is extremely disturbing that cybercriminals have so quickly jumped to exploiting this horrible tragedy. Unfortunately, it's not that surprising," said Ron O'Brien, senior security analyst with Sophos, in a written statement. "We've seen similar behavior with other tragedies like Hurricane Katrina and the death of Pope John Paul II. Cybercriminals prey on the interest of concerned citizens hoping for the latest information on breaking news and, if history repeats itself, we'll see this campaign continue until interest fades."

The U.S.-CERT issued a warning on Tuesday that users and IT managers should be aware that new phishing campaigns generally are launched in the wake of tragedies and natural disasters. Researchers at the government's Computer Emergency Readiness Team advised users to remain cautious when receiving unsolicited e-mail that could be a potential phishing attempt.

Phishing e-mails often arrive in the form of phony requests for donations from a charitable organization, asking the users to click on a link that will then take them to a fraudulent Web site set up to appear to be a legitimate charity.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
What Becomes of CFOs During Digital Transformation?
Joao-Pierre S. Ruth, Senior Writer,  2/4/2020
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll