Murder suspect alert? Nah: Scammers fling cop-style malware

Boys in Blue? More like the Lads from Lagos

A new email scam attempts to trick marks into opening a dodgy email attachment by posing as a murder suspect bulletin from “London City Police”.*

The fake email alert is designed to appear important, but also somewhat ambiguous, in a deliberate attempt to trick users into opening the zip attachment. The arresting scam is more likely to draw in victims because of its comparative novelty.

Fred Touchette, senior security analyst at AppRiver, explained: “The fake alert is meant to raise community awareness about a supposed homicide suspect who is on the loose in London, and was made to look like it was sent out by the London City Police themselves. All of the information provided in the email body is seemingly important-looking, but rather vague, by design.”

“This is to raise curiosity and to direct readers to the real target, the attachment,” continued Touchette. “This is where the real details of the case are: what is this suspect’s name, what do they look like, where were they last seen, etc etc.”

“But instead, as is the norm, the attachment actually contains malware,” he added.

Windows machines affected by the scam are infected with a backdoor that links to a botnet control server in Lagos, Nigeria. Compromised machines phone home for further instructions and payloads, as explained in a blog post by AppRiver here. ®


The relevant policing organisation is actually called the City of London Police.

Sponsored: Becoming a Pragmatic Security Leader

Biting the hand that feeds IT © 1998–2019