This morning we've received more than 300 copies of a new "BBC" spam campaign which mocks Georgia's President and spreads a new virus.
The mail is delivered with three distinct subjects so far:
A copycat spammer is using headlines:
Weekly BBC NEWS.
to send spam messages claiming a headline that the President of
Georgia is gay.
The Headlines within the email message choose from:
Mikheil Saakashvili gay scandal! New of this week!
Saakashvili have a funny woman organ (pu..sy)! see it!
Funny Saakashvili gay video...See now!Sensation!
Sensation! president of Georgia... GAY! See now!
Last news! Saakashvili (president of Georgia) the gay!
President of Georgia - intim (GAY) video! see now!
The spams contain a linked image of the President from the BBC:
We've received 300+ copies so far . . .
Malware loads from these locations:
All of those locations actually cause the virus to be delivered from a single location, the IP address:
The name of the malware is "name.avi.exe", and at the moment, only FOUR out of 36 anti-virus products detect it.
Clearly the spam is from someone who doesn't have a solid command on the English language.
So far the emails have been received from more than 40 IP addresses. Spot-checking these IP addresses for previous spam activity finds nothing in the UAB Spam Data Mine, suggesting these machines are not part of a previously used spamming botnet.
184.108.40.206 - Vietnam
220.127.116.11 - India
18.104.22.168 - JetBlue Airways, Salt Lake City, Utah
22.214.171.124 - ADVA Technologies, Sandhurst, GB
126.96.36.199 - Cable Bahamas
188.8.131.52 - Alabanza, Inc - Baltimore, Maryland
184.108.40.206 - NOC4Hosts, Tampa, Florida
220.127.116.11 - US Cellular, Knoxsville, Tennessee
18.104.22.168 - JSC Center Telecom - Russian Federation
22.214.171.124 - Moscow Local Telephone - Russian Federation
126.96.36.199 - Web Media Services - Russian Federation
188.8.131.52 - Colocation facility - Netherlands
184.108.40.206 - Severen Telecom, Russian Federation
220.127.116.11 - Czech Republic
18.104.22.168 - Bucharest, Romania
22.214.171.124 - Turk Telekom, Ankara, Turkey
126.96.36.199 - Poland
188.8.131.52 - St. Petersburg Telephone, Russian Federation
184.108.40.206 - ??
220.127.116.11 - Verizon
18.104.22.168 - Verizon
22.214.171.124 - Verizon
126.96.36.199 - Taiwan
188.8.131.52 - Italy
184.108.40.206 - Wilamette University, Salem, Oregon
220.127.116.11 - Italy
18.104.22.168 - Germany
22.214.171.124 - Federal Agency of Education, Moscow, Russia
126.96.36.199 - Austin Community College, Austin, TX
188.8.131.52 - Colombia
184.108.40.206 - Mexico
220.127.116.11 - Chile
18.104.22.168 - Colombia
22.214.171.124 - Cumberland Technologies, Mechanicsburg, PA
126.96.36.199 - SEI Data, Dillsboro, Indiana
188.8.131.52 - Korea
184.108.40.206 - Germany
220.127.116.11 - Spain
18.104.22.168 - Spain
22.214.171.124 - Albanza
126.96.36.199 - BTNet
188.8.131.52 - China