Spammers use social engineering to customize messages to potential victims’ location

Computer users around the world should be on their guard against a widespread, malicious spam campaign that poses as breaking news stories about a bomb blast in your city.

Samples intercepted by SophosLabs claim that 18 people have been killed in an explosion and link to a video news story on a supposedly Reuters-related website. In fact, computer users that click on the link will not find more information on this breaking news story, but will actually be taken to a website that is designed to infect their Windows PC with malicious code.

Many computer users may not immediately notice the danger as the website attempts to identify users’ whereabouts and customizes the story to appear as though it relates to their location.

Graham Cluley, senior technology consultant at Sophos comments:

This is a clever piece of social engineering and shows the lengths that cybercriminals will go to in order to trick more potential victims. If you visit the webpage from Southampton, Bristol or London it is likely to claim that the bomb blast has occurred there. There are the usual clues that the observant computer user will recognise as spam – poor spelling and grammar being the key one – but the danger is that other less wary users won’t notice this and will become engrossed in the story without realising that their PC is being infected as they read.