This morning we've received more than 300 copies of a new "BBC" spam campaign which mocks Georgia's President and spreads a new virus.
The mail is delivered with three distinct subjects so far:
A copycat spammer is using headlines:
Weekly BBC NEWS.
to send spam messages claiming a headline that the President of
Georgia is gay.
The Headlines within the email message choose from:
Mikheil Saakashvili gay scandal! New of this week!
Saakashvili have a funny woman organ (pu..sy)! see it!
Funny Saakashvili gay video...See now!Sensation!
Sensation! president of Georgia... GAY! See now!
Last news! Saakashvili (president of Georgia) the gay!
President of Georgia - intim (GAY) video! see now!
The spams contain a linked image of the President from the BBC:
We've received 300+ copies so far . . .
Malware loads from these locations:
All of those locations actually cause the virus to be delivered from a single location, the IP address:
The name of the malware is "name.avi.exe", and at the moment, only FOUR out of 36 anti-virus products detect it.
Clearly the spam is from someone who doesn't have a solid command on the English language.
So far the emails have been received from more than 40 IP addresses. Spot-checking these IP addresses for previous spam activity finds nothing in the UAB Spam Data Mine, suggesting these machines are not part of a previously used spamming botnet.
18.104.22.168 - Vietnam
22.214.171.124 - India
126.96.36.199 - JetBlue Airways, Salt Lake City, Utah
188.8.131.52 - ADVA Technologies, Sandhurst, GB
184.108.40.206 - Cable Bahamas
220.127.116.11 - Alabanza, Inc - Baltimore, Maryland
18.104.22.168 - NOC4Hosts, Tampa, Florida
22.214.171.124 - US Cellular, Knoxsville, Tennessee
126.96.36.199 - JSC Center Telecom - Russian Federation
188.8.131.52 - Moscow Local Telephone - Russian Federation
184.108.40.206 - Web Media Services - Russian Federation
220.127.116.11 - Colocation facility - Netherlands
18.104.22.168 - Severen Telecom, Russian Federation
22.214.171.124 - Czech Republic
126.96.36.199 - Bucharest, Romania
188.8.131.52 - Turk Telekom, Ankara, Turkey
184.108.40.206 - Poland
220.127.116.11 - St. Petersburg Telephone, Russian Federation
18.104.22.168 - ??
22.214.171.124 - Verizon
126.96.36.199 - Verizon
188.8.131.52 - Verizon
184.108.40.206 - Taiwan
220.127.116.11 - Italy
18.104.22.168 - Wilamette University, Salem, Oregon
22.214.171.124 - Italy
126.96.36.199 - Germany
188.8.131.52 - Federal Agency of Education, Moscow, Russia
184.108.40.206 - Austin Community College, Austin, TX
220.127.116.11 - Colombia
18.104.22.168 - Mexico
22.214.171.124 - Chile
126.96.36.199 - Colombia
188.8.131.52 - Cumberland Technologies, Mechanicsburg, PA
184.108.40.206 - SEI Data, Dillsboro, Indiana
220.127.116.11 - Korea
18.104.22.168 - Germany
22.214.171.124 - Spain
126.96.36.199 - Spain
188.8.131.52 - Albanza
184.108.40.206 - BTNet
220.127.116.11 - China