Threat Analysis: Alan Neville
As word spreads of the death of Muammar Gadhafi, cybercriminals are starting to take advantage. We are already seeing spam campaigns related to his death with malicious attachments. Here are a couple of examples of what we have seen so far.
This particular campaign claims that Muammar Gadahfi’s death may not be true. The attachment is a malicious help file that contains Backdoor.Misdat as the payload.
Another example follows, but the attachment was corrupt. Thus, an unsuspecting user would not, in fact, have infected their computer if they had attempted to open the attached archive.
We expect to see many more of these emails over the next few days, typically with either a malicious attachment or containing a link to a malicious website. It is advisable to use reputable sources to view details related to the death of Gadhafi and to be vigilant when opening attachments or clicking on links in emails from questionable sources.