A stream of spam emails has just found its way into my inbox, under the guise of a press release about John Howard’s recent heart attack. A heart attack that hasn’t actually happened.
Here’s the text:
“SYDNEY, February 18, 2007 08:56pm (AEDT) – The Prime Minister of Australia, John Howard have survived a heart attack. Mr Howard, 67 years old, was at Kirribilli House in Sydney, his prime residence, when he was suddenly stricken. Mr Howard was taken to the Royal North Shore Hospital where the best surgeons of Australia are struggling for his life.”
Readers are asked to click on links to get the latest information on the health of the Prime Minister, a link which appears to be for The Australian but is in fact a Canadian-registered site, no doubt hosting trojan software for harvesting email addresses for future spam. The three addresses I saw, theaunews.com, theau-news.org, austr-news.com, all were registered on February 14.
Thanks to Angus Kidman at IT Wire for the fast work on this.
BTW, to find information on who’s registered a site, use any of the large number of “who is” sites available, such as http://www.whois.net, remembering not to include the “http://www.” part.
Nice catch Duncan, but where’s a link I can click on to find out about Mr Howard’s heart attack…
😉
If you click on the link a couple of cookies are loaded onto your machine.
It’s actually worse than cookies – the website contains malicious code which drops a trojan on your machine, which most likely is a password stealing program. The ‘heart attack’ story is the hook to get you to visit the site. Also see: http://www.auscert.org.au/7314 .
Ummmm. It was kinda like a joke… “I’m so dumb I read the post and still feel ripped off that there wasn’t a link…” Oh well…
Yep Lindsay – your emoticon said it all. I must admit I went searching on Google News immediately the emails came through. Would you like me to write a post on John Howard somewhere else and then make a link to that? 😉
Hi Duncan,
So did I. Wishful thinking???