She has already gone to hospital!…

Below is a new scam email being sent around the internet. The topic of the email is shown above. The email’s contents are shown below (I’ve removed the link):

Listen to me carefully, i don’t know what your name is, but i’ll find you and i’ll cripple you, because this is you who tempted her!!! She has already gone to hospital, you’re next, this is evidence:

http://www.———.sk/fotos/

If you receive this email just delete it. It’s a scam to get you to click on the link, which will then have malicious code. More details in the comments below.

HTML_IFRAME.TW virus

5 thoughts on “She has already gone to hospital!…”

  1. Ok, so what does the malicious code do? I have some computers that need looking at and it would be good to know what the payload is! 🙂

  2. Hi Bob. It shows a pornographic image and immediately tries to download a virus. Any up to date (and good) anti virus software will block it.

    The virus is identified as “HTML_IFRAME.TW”. Trend’s virus encyclopedia doesn’t offer much more information, http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_IFRAME.TW

    Judging by the web stats of Fraudo.com it seems the spam email circulated through Australia and New Zealand first, then Canada. Then less traffic from USA.

    The web address shown in the spam has also changed in the past couple of days (i.e. there’s already at least 2 versions of it),

  3. Okay, I’m embarrassed to admit it, but it so caught me by surprise that I hit the link before I realized what it was.

    Is the virus geared toward PCs or can it do damage to a mac as well?

  4. I got this yesterday and have reported it to the police, because of the threat included in it. I reported it to Yahoo who said it was not really a Yahoo account and they told me how to read the ip address from the header detail. (From the last Received line) and using WHOIS got in touch with Hostaway.com.

    I have now forwarded it to them for them to deal with and await their response

  5. Several of my user’s just received the same email. I’m glad they knew better than to click the link and let me know immediately. It’s disconcerting to read this upon coming into work first thing in the morning.

Leave a Reply to David Volk Cancel reply

Your email address will not be published. Required fields are marked *