Terror Hits London Trojan
Soon after the London terrorist bombings in July 2005, unscrupulous individuals began using the outrage for their own nefarious ends. Symantec Security Response reports that a trojan began spreading via email shortly after the bombings. The email carrying the trojan arrives in HTML format and masquerades as a CNN story about the attack. The subject line of the malicious email is "Terror Hits London".
An attachment to the email supposedly contains amateur video footage of the London Underground soon after the attack. In reality, the attachment holds a trojan. Opening the attachment will install this trojan on the recipient's computer. Once installed, the trojan can be used by spammers to send spam email from the infected machine. The name of the attachment is:
"London Terror Moovie.avi (124 spaces) Checked By Norton Antivirus.exe"
The large number of spaces in the file name and the spurious reference to Norton AntiVirus are included to hide the true nature of the file.
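The check below is an added example, not code from the original write-up: it flags attachment names that hide an executable extension behind a decoy extension and a long run of spaces, as described above. The extension lists, the five-character padding threshold, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Extensions Windows runs on double-click (a common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Harmless-looking extensions that can serve as the visible decoy.
DECOY_EXTS = {".avi", ".mpg", ".jpg", ".gif", ".doc", ".pdf", ".txt"}
# Five or more consecutive whitespace characters; the threshold is an assumption.
PADDING_RUN = re.compile(r"\s{5,}")


def filename_findings(name: str) -> list[str]:
    """Return the reasons an attachment name warrants blocking (empty if none)."""
    lowered = name.lower().strip()
    real_ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
    if real_ext not in EXECUTABLE_EXTS:
        return []
    findings = [f"executable extension {real_ext}"]
    runs = PADDING_RUN.findall(name)
    if runs:
        findings.append(f"padding run of {max(map(len, runs))} whitespace characters")
    stem = lowered[: -len(real_ext)]
    if any(ext in stem for ext in DECOY_EXTS):
        findings.append("decoy extension before the real one")
    return findings


def scan_message(msg: EmailMessage) -> dict[str, list[str]]:
    """Map each flagged attachment file name in msg to its findings."""
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        found = filename_findings(name)
        if found:
            results[name] = found
    return results


def build_sample() -> EmailMessage:
    """Constructed sample message carrying the file name pattern described above."""
    msg = EmailMessage()
    msg["Subject"] = "Terror Hits London"
    msg.set_content("constructed sample body")
    disguised = "London Terror Moovie.avi" + " " * 124 + "Checked By Norton Antivirus.exe"
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=disguised)
    msg.add_attachment(b"placeholder", maintype="video",
                       subtype="x-msvideo", filename="holiday.avi")
    return msg
```

Calling scan_message(build_sample()) reports only the disguised attachment, with the executable extension, the 124-character padding run and the decoy extension listed as separate findings.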
Scammers have also used the London bombings as an excuse to falsely solicit donations for victims.
Other scam or malware emails may follow in the coming weeks. Be cautious of any unsolicited emails pertaining to the London terrorist bombings.
References:
Symantec - Trojan.Spexta
F-Secure Virus Descriptions : Delf.h
Trojan taps into London bombings
Write-up by Brett M. Christensen