The Register® — Biting the hand that feeds IT

Geo-located malware appears over the horizon

Dirty bomb ruse used to punt worm

By John LeydenGet more from this author

Posted in ID, 16th March 2009 16:28 GMT

Free whitepaper – PowerEdge M1000e, M600 and M605 spec sheet

Malware authors have incorporated technology designed to find the geographic location of prospective marks as a tactic to enable more convincing social engineering scams.

A new variant of the Waledac worm uses an email message claiming a "dirty bomb" explosion in order to tempt the gullible into visiting a maliciously-constructed website posing as the homepage of news agency Reuters. This website uses a GEO-IP lookup to customise the story so as to appear that the explosion appeared in a city or location near the surfer viewing it.

Punters are encouraged to view a video supposedly related to the shocking news of a nearby radioactive bomb explosion. When users click on the video they are prompted to download the latest version of "Flash Player". But the software on offer turns out to be nothing to do with Adobe, instead coming loaded with the latest variant of the Waledac worm.

Write-ups of this geo-targeted malware attack, currently doing the rounds, can be found in security blogs run by Websense (here) and Sophos (here). ®

Hitachi IT Operations Analyzer: 30-day free trial.

Webcast: Jumpstart your Application Security initiatives