The “Osama has been captured” spam is actually a trojan.

Turns out the email spam I mentioned the other day that claims to offer up pics of the capture of Osama bin Laden isn’t really spam at all. Alert reader Thejian mentioned that various anti-virus companies are warning that this website actually attempts to take advantage of an exploit in Internet Explorer to download a trojan called Small.b to your system if you visit the site. Here’s a little more info on the subject:

‘Osama Captured’ e-Mail is Malicious Trojan

If the link is activated via IE, the browser auto-executes a file called “EXPLOIT.EXE” and downloads an executable trojan, identified as “Trj/Small.B.”

The “Small.B” trojan opens ports on an infected machine and can be used to hijack PCs for use as spam zombies. The trojan has the ability to listen on the open port for instructions and redirects traffic to other IP addresses.

“Spammers and hackers can take advantage of compromised systems by using the infected computer as a middleman, allowing them to pass information through it and remain anonymous,” according to information provided by McAfee Security.

A spokesperson for anti-virus firm Sophos told the malicious trojan will only affect users using an unpatched IE browser. Microsoft has issued cumulative patches the IE browser to plug known vulnerabilities. The latest updates for Internet Explorer are available here.

So if you were like me and unable to resist checking the link and you don’t have your copy of IE up to date patch-wise then you may want to double check your system for a possible trojan. I used Firefox when I checked the link so it doesn’t appear to have affected me, but better safe than sorry.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.