Information stealing code disguised as "videos"


Threat Type: Malicious Code / Malicious Website

Websense Security Labs™ has discovered a run of spam emails that attempt to dupe users into downloading and installing a video of the solar eclipse. We have also seen similar blocks of spam purporting to contain videos of movie stars, singers, and other entertainers.

Sample subject lines include:

Lunar Eclipse Video  
Your guide to the total lunar eclipse.  
Shocking video with Total moon eclipse  
Total Moon Eclipse Video on NASA TV  
Moon Eclipse is visible today

Users who visit any of the various Web sites hosting the malicious code and attempt to view the video are infected with an information-stealing Trojan Horse. The sites host no exploit code; instead, users are prompted to confirm that they want to run the code.

Screenshot of email written in HTML



