This morning we've received more than 300 copies of a new "BBC" spam campaign which mocks Georgia's President and spreads a new virus.
The mail is delivered with three distinct subjects so far:
A copycat spammer is using headlines:
Weekly BBC NEWS.
to send spam messages claiming a headline that the President of
Georgia is gay.
The Headlines within the email message choose from:
Mikheil Saakashvili gay scandal! New of this week!
Saakashvili have a funny woman organ (pu..sy)! see it!
Funny Saakashvili gay video...See now!Sensation!
Sensation! president of Georgia... GAY! See now!
Last news! Saakashvili (president of Georgia) the gay!
President of Georgia - intim (GAY) video! see now!
The spams contain a linked image of the President from the BBC:
We've received 300+ copies so far . . .
Malware loads from these locations:
All of those locations actually cause the virus to be delivered from a single location, the IP address:
The name of the malware is "name.avi.exe", and at the moment, only FOUR out of 36 anti-virus products detect it.
Clearly the spam is from someone who doesn't have a solid command on the English language.
So far the emails have been received from more than 40 IP addresses. Spot-checking these IP addresses for previous spam activity finds nothing in the UAB Spam Data Mine, suggesting these machines are not part of a previously used spamming botnet.
220.127.116.11 - Vietnam
18.104.22.168 - India
22.214.171.124 - JetBlue Airways, Salt Lake City, Utah
126.96.36.199 - ADVA Technologies, Sandhurst, GB
188.8.131.52 - Cable Bahamas
184.108.40.206 - Alabanza, Inc - Baltimore, Maryland
220.127.116.11 - NOC4Hosts, Tampa, Florida
18.104.22.168 - US Cellular, Knoxsville, Tennessee
22.214.171.124 - JSC Center Telecom - Russian Federation
126.96.36.199 - Moscow Local Telephone - Russian Federation
188.8.131.52 - Web Media Services - Russian Federation
184.108.40.206 - Colocation facility - Netherlands
220.127.116.11 - Severen Telecom, Russian Federation
18.104.22.168 - Czech Republic
22.214.171.124 - Bucharest, Romania
126.96.36.199 - Turk Telekom, Ankara, Turkey
188.8.131.52 - Poland
184.108.40.206 - St. Petersburg Telephone, Russian Federation
220.127.116.11 - ??
18.104.22.168 - Verizon
22.214.171.124 - Verizon
126.96.36.199 - Verizon
188.8.131.52 - Taiwan
184.108.40.206 - Italy
220.127.116.11 - Wilamette University, Salem, Oregon
18.104.22.168 - Italy
22.214.171.124 - Germany
126.96.36.199 - Federal Agency of Education, Moscow, Russia
188.8.131.52 - Austin Community College, Austin, TX
184.108.40.206 - Colombia
220.127.116.11 - Mexico
18.104.22.168 - Chile
22.214.171.124 - Colombia
126.96.36.199 - Cumberland Technologies, Mechanicsburg, PA
188.8.131.52 - SEI Data, Dillsboro, Indiana
184.108.40.206 - Korea
220.127.116.11 - Germany
18.104.22.168 - Spain
22.214.171.124 - Spain
126.96.36.199 - Albanza
188.8.131.52 - BTNet
184.108.40.206 - China