The spam e-mails carry a photograph of gunman Cho Seung-hui, who killed more than 30 students and teachers at the Virginia school on Monday before killing himself. The e-mails claim to link to a Brazilian Web site carrying movie footage of the campus shootings, according to researchers at Sophos. However, clicking on the link downloads a malicious screensaver file, called Terror_em_Virginia.SCR), which installs a piece of spyware that acts as a banking Trojan, which can be used to steal passwords, user names and account numbers.
"It is extremely disturbing that cybercriminals have so quickly jumped to exploiting this horrible tragedy. Unfortunately, it's not that surprising," said Ron O'Brien, senior security analyst with Sophos, in a written statement. "We've seen similar behavior with other tragedies like Hurricane Katrina and the death of Pope John Paul II. Cybercriminals prey on the interest of concerned citizens hoping for the latest information on breaking news and, if history repeats itself, we'll see this campaign continue until interest fades."
The U.S.-CERT issued a warning on Tuesday that users and IT managers should be aware that new phishing campaigns generally are launched in the wake of tragedies and natural disasters. Researchers at the government's Computer Emergency Readiness Team advised users to remain cautious when receiving unsolicited e-mail that could be a potential phishing attempt.
Phishing e-mails often arrive in the form of phony requests for donations from a charitable organization, asking the users to click on a link that will then take them to a fraudulent Web site set up to appear to be a legitimate charity.