Malware claims UK suffers nuclear explosion

Friday, September 12, 2008

Sophos has discovered a widespread spam campaign that claims that a powerful explosion occurred at a nuclear power station located in the suburbs of London on the afternoon of the 9th September.

Samples intercepted by SophosLabs reveal that the emails claim to contain images in an attachment called victims.zip. In fact, clicking on the attachment will not open any pictures of the supposed explosion but will instead run a Trojan horse detected by Sophos as Troj/Agent-HQE. Once installed, the hackers can use the malware to spy on the victim's computer and steal information for financial gain.

The emails arrive in the potential victim's inbox with the subject line: 'Reply: A report on radiation contamination of Canada," and the body of the message reads as follows:

On Internet forums there appeared messages of a powerful explosion at a United Kingdom nuclear power station located in the suburbs of London.

According to witnesses' statements the explosion happened at about 3pm on the 9th of September. In particular, one resident of this town has made a call and had time to inform her relatives that connection in the town was being cut off in order not to let people phone somebody. She insists that the explosion really took place at the nuclear power station, and that it was a really powerful one, and now the radiation cloud is moving.

This information is being unofficially confirmed in public agents' private conversations.

Besides, local residents place pictures of the explosion consequences and victims' bodies in their blogs.

The photo's attached to this email!
Send this email to your friends!

Posted in |
Graham Cluley, Sophos (not verified) Says:
Mon, 2008-09-15 15:31

For your interest, you might be interested to know that we also saw versions of this scam sent claiming that the explosion had happened in the suburbs of Sydney, Australia.

It appears the scammers may have been changing the message depending on what they believed the location of the recipient to be.

We've posted more information about the bogus Nuclear explosion emails on our website.