Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have stopped
thousands of messages related to an email scam that attempts to
fool people into believing that the sender has found a cure to
The emails, which come from a Yahoo email address, claim that
the 19-year-old correspondent has found a herbal root that has
successfully helped the sick recover from AIDS, and that hospitals
have confirmed that patients are no longer HIV positive. The email
continues, asking for help in bringing the cure to English-speaking
However, Sophos warns computer users that this is a ruse to
steal personal details, and that the fraudsters behind the scam
campaign can use such information to steal money from bank accounts
and commit identity fraud.
The person behind the scam email claims to have
found a cure for AIDS.
"People who receive this email may believe they are helping the
world fight AIDS, as well as potentially make themselves some money
from the proceeds of any distribution of a successful cure.
However, the scammers are just using another method to try to dupe
computer users into divulging sensitive information," said Carole Theriault, senior
security consultant for Sophos. "It's particularly sick of the
hackers to exploit human illness in their search for innocent
computer users to fleece."
This email con-trick is the latest of many 419 scams. These
scams are named after the relevant section of the Nigerian penal
code where many of the scams originated and are unsolicited emails
where the author offers a large amount of money. Once a victim has
been drawn in, requests are made from the fraudster for private
information which may lead to requests for money, stolen
identities, and financial theft.
Other examples of 419 email scams include a message claiming to
come from a persecuted widow of the late Nigerian head of state, an
associate of the massacred Nepalese royal family, and even an
African astronaut stranded on the Mir spacestation.
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at the email gateway to defend against viruses,
spyware and spam.