The five-time Grammy award winner Amy Winehouse was found dead in London on July 23rd. Symantec has already observed spammers who are trying to capitalize on related news headlines by sending out malicious threats less than a day after the news was released.
The two samples below are examples that we have observed. These Portuguese-language attacks use similar spam techniques. All samples are sent from randomized individual email accounts with various subject lines related to the celebrity’s death in an attempt to lure interested readers to open a malicious URL. Immediately after the link is clicked, a pop-up window is shown, which asks users to download a file that is loosely disguised as something other than an executable, for example an image or video file.
The file is given a name that is related to the celebrity, and of course isn’t an image or video file, but a malicious binary. Symantec has detected the threats in these samples as Infostealer.Bancos. Symantec cautions recipients to be wary of email that comes from an unexpected source, especially email that is related to Amy Winehouse’s death.
From: <Details Removed>
Subject: Ravages of the drug in the body of Amy Winehouse
Malicious file name: FOTOS_DROGAS_WINEHOUSE.jpg.exe
From: <Details Removed>
Subject: Agencia de noticias inglesa divulga foto exclusiva do corpo de Amy Winehouse ao ser encontrada. Bebidas e possiveis drogas sao vistas com clareza
Subject (English translation): British news agency publishes exclusive photo of the body of Amy Winehouse found. Drink and drugs are seen clearly.
Malicious file name: _s-do-corpo-da-cantora-amy-winehouse-WVA.exe
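The disguise in these samples can be checked for at a mail gateway or web proxy. The following is an added example, not Symantec's detection logic: it classifies a download name or URL by its final extension and flags a media extension placed in front of an executable one. The extension lists, function names and the example.invalid URL are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Assumed policy lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp",
                    ".avi", ".mpg", ".mpeg", ".wmv", ".mp4"}


def file_name_from(value):
    """Return the last path component of a URL or of a plain file name."""
    # For URLs, drop the query string and decode percent-escapes first.
    path = unquote(urlsplit(value).path) if "://" in value else value
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def classify(value):
    """Classify a name by what the operating system would actually run."""
    name = file_name_from(value).lower()
    stem, ext = posixpath.splitext(name)
    if ext not in EXECUTABLE_EXTS:
        return "not-executable"
    # The real type is the last extension; anything before it is decoration.
    inner_ext = posixpath.splitext(stem)[1]
    if inner_ext in DECOY_MEDIA_EXTS:
        return "executable-double-extension"
    return "executable"


def triage(values):
    """Return (value, verdict) pairs for every name that should be blocked."""
    results = [(v, classify(v)) for v in values]
    return [(v, verdict) for v, verdict in results if verdict != "not-executable"]


if __name__ == "__main__":
    samples = [
        "FOTOS_DROGAS_WINEHOUSE.jpg.exe",                # file name from the post
        "_s-do-corpo-da-cantora-amy-winehouse-WVA.exe",  # file name from the post
        "http://example.invalid/dl/FOTOS%5FDROGAS.JPG.EXE?id=1",  # constructed URL
        "holiday.jpg",                                   # constructed benign name
    ]
    for value, verdict in triage(samples):
        print(f"{verdict:30} {value}")
```

Only the first sample uses a decoy media extension; the second relies on its lure name alone, so a policy that blocks every executable reached from an email link covers both.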
Note: My thanks to blog contributor Carlos Mejia.