Using the subject "Attention Bird Flu in England", the mail tries to get users to click on a link to go either of two websites to get more information (or rather, to run malware!)
Upon clicking on a link, users are directed to a website which claims that you have been blocked from accessing it. This appears to be another trick by the attacker to make the user believe that the site has either been disabled or shutdown.
Within the HTML, an IFRAME is loaded that uses the recent WMF exploit to run code without user-intervention. The code is a Trojan horse downloader, which connects to another site to download new malicious code. The filename is "expl1.wmf," which downloads and runs "expl1.exe.", Websense Security Labs warned.
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.