She has already gone to hospital!…

Below is a new scam email being sent around the internet. The topic of the email is shown above. The email’s contents are shown below (I’ve removed the link):

Listen to me carefully, i don’t know what your name is, but i’ll find you and i’ll cripple you, because this is you who tempted her!!! She has already gone to hospital, you’re next, this is evidence:

http://www.———.sk/fotos/

If you receive this email just delete it. It’s a scam to get you to click on the link, which will then have malicious code. More details in the comments below.

HTML_IFRAME.TW virus

21 April, 2008 | Filed Under Malware, Scams 

Comments

7 Responses to “She has already gone to hospital!…”

  1. Bob on April 23rd, 2008 6:46 am

    Ok, so what does the malicious code do? I have some computers that need looking at and it would be good to know what the payload is! :)

  2. enrique on April 23rd, 2008 9:36 pm

    Hi Bob. It shows a pornographic image and immediately tries to download a virus. Any up to date (and good) anti virus software will block it.

    The virus is identified as “HTML_IFRAME.TW”. Trend’s virus encyclopedia doesn’t offer much more information, http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_IFRAME.TW

    Judging by the web stats of Fraudo.com it seems the spam email circulated through Australia and New Zealand first, then Canada. Then less traffic from USA.

    The web address shown in the spam has also changed in the past couple of days (i.e. there’s already at least 2 versions of it),

  3. David Volk on April 24th, 2008 3:38 pm

    Okay, I’m embarrassed to admit it, but it so caught me by surprise that I hit the link before I realized what it was.

    Is the virus geared toward PCs or can it do damage to a mac as well?

  4. Graeme Stickings on April 25th, 2008 1:07 am

    I got this yesterday and have reported it to the police, because of the threat included in it. I reported it to Yahoo who said it was not really a Yahoo account and they told me how to read the ip address from the header detail. (From the last Received line) and using WHOIS got in touch with Hostaway.com.

    I have now forwarded it to them for them to deal with and await their response

  5. Clay B on April 26th, 2008 1:28 am

    Several of my user’s just received the same email. I’m glad they knew better than to click the link and let me know immediately. It’s disconcerting to read this upon coming into work first thing in the morning.

  6. Hospital Spam Review : FraudO.com on April 29th, 2008 7:32 pm

    [...] week’s post about a threatening spam email (”She has already gone to hospital“) was extremely popular here, and I think it deserves a [...]

  7. SMS Death Threat Scam : FraudO.com on July 1st, 2008 11:01 pm

    [...] a new scam being sent by SMS, similar to an email one sent recently. The SMS reads: Someone paid me to kill you. If you want me to spare you, I’ll give you two [...]

Leave a Reply