IT security and control firm Sophos is warning computer users to
be on their guard against unsolicited emails following the
discovery of a new malicious spam campaign that claims another
earthquake has just occurred in China, and could derail the
upcoming Olympic Games.
Samples intercepted by SophosLabs, Sophos's global network of
virus, spyware and spam analysis centres, contained the subject
line 'Million dead in Chinese quake' and a link to a .cn domain
webpage that claims that an earthquake measuring 9.0 on the Richter
scale has hit Beijing causing millions of casualties and put the
2008 Olympic Games at risk of failure. The webpage contains a link
to a video, claiming to show additional details of the disaster. In
fact, when clicked on, the link will download malware known as
Nuwar-E onto the user's computer.
"The recent Chinese earthquake is still so fresh in people's
minds, that many computer users won't think twice before opening
this email and clicking on the link," said Carole Theriault, senior
technology consultant at Sophos. "The spammers are using one of the
most common tricks in the book in an attempt to spread their
malware, and if people continue to open unsolicited emails,
unfortunately the spammers will continue. All computer users need
to think twice before opening messages from people they don't know
- the chances are it will be spam and could result in your computer
Sophos experts note that by using the highly-anticipated Olympic
Games due to take place in Beijing in August, the spammers are
hoping to take advantage of the excitement surrounding the event in
order to trick unsuspecting computer users into downloading their
"We're likely to see more spam messages referencing the upcoming
Olympic Games as we get nearer to the event," continued Theriault.
"Spammers will be hoping that computer users will be so eager to
find out more that they'll forget their common sense when it comes
to their emails."
This is not the first time that spammers have used Chinese
domains as part of their spam campaigns. Earlier in 2008, a
promotion invited people to register .cn domains for a mere one
Yuan (GBP 7 pence). Sophos experts note that such a low cost is
attractive to spammers as they can register hundreds of new domains
and rotate them ever few minutes during a spam run in order to
bypass spam filters that use URL blocklists.