Sick virus writer exploits London bomb blast

Trojan creates bot-net for sending spam.

A virus has been spotted in the wild which attempts to exploit concerns surrounding the bomb blasts which rocked London last Thursday and left at least 50 people dead. Warning levels are currently low but that makes the attempt to infect no less tasteless.

An email purporting to offer a link to amateur video footage of the events on the London Underground in the aftermath of the bomb blast will install a Trojan on users' machines if they click on the attachment.

It's the latest instance of sickening social engineering as virus writers prey upon topical and occasionally disturbing incidents to make their attachments appeal to curious minds.

The Asian tsunami, the war in Iraq and also the 9/11 attacks on New York saw similar social engineering attempts.

According to UK email security firm MessageLabs, the email appears as a mocked-up HTML newsletter from CNN with the subject line 'TERROR HITS LONDON'.

The sender's email address appears as breakingnews@CNNonline.com. Although that address could easily have been spoofed, the domain is not an official CNN domain and is registered to a firm in Florida.

The email asks recipients to 'See attachments for unique amateur video shots'.

The file name, 'London Terror Moovie.avi', appears to be a valid film clip, bar the typo in 'movie'. However, after 124 character spaces comes the real .exe file name, though even this has been disguised as 'Checked By Norton Antivirus.exe'.
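An added example, not from MessageLabs or the original article: a mail-gateway style check in Python that flags attachment names built like the one described above (a harmless-looking extension, a long run of spaces, then an executable extension). The extension lists, the 10-space threshold and the function names are assumptions chosen for illustration, and the sample message is constructed.

```python
import re
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Illustrative extension sets (assumptions, not an exhaustive policy).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".avi", ".mpg", ".mov", ".jpg", ".gif", ".txt", ".doc", ".pdf"}

def filename_findings(name: str, min_pad: int = 10) -> list[str]:
    """Return the reasons an attachment file name looks disguised."""
    findings = []
    lower = name.lower().rstrip()
    real_ext = lower[lower.rfind("."):] if "." in lower else ""
    executable = real_ext in EXECUTABLE_EXTS
    if executable:
        findings.append("executable-extension:" + real_ext)
    # A long whitespace run pushes the real extension out of the visible field.
    longest = max((len(run) for run in re.findall(r"\s+", name)), default=0)
    if longest >= min_pad:
        findings.append(f"whitespace-padding:{longest}")
    # A harmless-looking extension earlier in the name, followed by whitespace.
    decoys = [e for e in re.findall(r"\.[a-z0-9]{2,4}(?=\s)", lower) if e in DECOY_EXTS]
    if executable and decoys:
        findings.append("decoy-extension:" + decoys[0])
    return findings

def scan_attachments(msg: Message) -> dict[str, list[str]]:
    """Map each suspicious attachment name in a parsed message to its findings."""
    flagged = {}
    for part in msg.walk():
        name = part.get_filename()
        findings = filename_findings(name) if name else []
        if findings:
            flagged[name] = findings
    return flagged

def build_sample() -> Message:
    """Constructed sample: one padded name as described, one ordinary name."""
    msg = MIMEMultipart()
    padded = "London Terror Moovie.avi" + " " * 124 + "Checked By Norton Antivirus.exe"
    for name in (padded, "holiday.jpg"):
        part = MIMEApplication(b"constructed placeholder bytes")
        part.add_header("Content-Disposition", "attachment", filename=name)
        msg.attach(part)
    return msg

if __name__ == "__main__":
    print(scan_attachments(build_sample()))
```

In a real gateway the `Message` object would come from `email.message_from_bytes()` on the received mail rather than from `build_sample()`.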

When executed, the attachment copies itself to /Windir/winlog.exe and modifies the Windows registry key HKLM/Software/microsoft/Windows/CurrentVersion/Run so that it runs automatically on start-up, according to MessageLabs.

The Trojan then uses the compromised PC and the SMTP servers which it is configured to use to send out large volumes of spam email.

Silicon.com's Will Sturgeon reported from London.
