This morning we've received more than 300 copies of a new "BBC" spam campaign which mocks Georgia's President and spreads a new virus.
The mail is delivered with three distinct subjects so far:
A copycat spammer is using headlines:
Weekly BBC NEWS.
to send spam messages claiming a headline that the President of
Georgia is gay.
The Headlines within the email message choose from:
Mikheil Saakashvili gay scandal! New of this week!
Saakashvili have a funny woman organ (pu..sy)! see it!
Funny Saakashvili gay video...See now!Sensation!
Sensation! president of Georgia... GAY! See now!
Last news! Saakashvili (president of Georgia) the gay!
President of Georgia - intim (GAY) video! see now!
The spams contain a linked image of the President from the BBC:
We've received 300+ copies so far . . .
Malware loads from these locations:
All of those locations actually cause the virus to be delivered from a single location, the IP address:
The name of the malware is "name.avi.exe", and at the moment, only FOUR out of 36 anti-virus products detect it.
Clearly the spam is from someone who doesn't have a solid command on the English language.
So far the emails have been received from more than 40 IP addresses. Spot-checking these IP addresses for previous spam activity finds nothing in the UAB Spam Data Mine, suggesting these machines are not part of a previously used spamming botnet.
22.214.171.124 - Vietnam
126.96.36.199 - India
188.8.131.52 - JetBlue Airways, Salt Lake City, Utah
184.108.40.206 - ADVA Technologies, Sandhurst, GB
220.127.116.11 - Cable Bahamas
18.104.22.168 - Alabanza, Inc - Baltimore, Maryland
22.214.171.124 - NOC4Hosts, Tampa, Florida
126.96.36.199 - US Cellular, Knoxsville, Tennessee
188.8.131.52 - JSC Center Telecom - Russian Federation
184.108.40.206 - Moscow Local Telephone - Russian Federation
220.127.116.11 - Web Media Services - Russian Federation
18.104.22.168 - Colocation facility - Netherlands
22.214.171.124 - Severen Telecom, Russian Federation
126.96.36.199 - Czech Republic
188.8.131.52 - Bucharest, Romania
184.108.40.206 - Turk Telekom, Ankara, Turkey
220.127.116.11 - Poland
18.104.22.168 - St. Petersburg Telephone, Russian Federation
22.214.171.124 - ??
126.96.36.199 - Verizon
188.8.131.52 - Verizon
184.108.40.206 - Verizon
220.127.116.11 - Taiwan
18.104.22.168 - Italy
22.214.171.124 - Wilamette University, Salem, Oregon
126.96.36.199 - Italy
188.8.131.52 - Germany
184.108.40.206 - Federal Agency of Education, Moscow, Russia
220.127.116.11 - Austin Community College, Austin, TX
18.104.22.168 - Colombia
22.214.171.124 - Mexico
126.96.36.199 - Chile
188.8.131.52 - Colombia
184.108.40.206 - Cumberland Technologies, Mechanicsburg, PA
220.127.116.11 - SEI Data, Dillsboro, Indiana
18.104.22.168 - Korea
22.214.171.124 - Germany
126.96.36.199 - Spain
188.8.131.52 - Spain
184.108.40.206 - Albanza
220.127.116.11 - BTNet
18.104.22.168 - China