According to security firm Sophos, the message contains the
heading "Tsunami Donation! Please help!" It encourages readers to
open an attachment for further information. Doing so triggers an
attempt to load the new W32/VBSun-A worm onto computers.
The worm then e-mails itself to addresses found on the infected
computer. It could also be used to launch a denial-of-service
attack (where a web server is flooded requests for information,
overwhelming the system and ultimately crashing it) against a
particular German hacking web site.
"This gruesome insensitivity is a despicable ploy to get curious
computer users to run malicious code on their computers," said
Graham Cluley, senior technology consultant at Sophos. "Everyone
should be wary of unsolicited e-mail attachments."
In the weeks since the disaster there have been numerous
warnings against on-line scams that exploit the public's interest
in helping victims, ranging from attempts to siphon donations to
imbedding Trojans in the computers of visiting net users.
Enforcement agencies have warned that they will vigorously
pursue those behind the scams, and only last week the FBI made its
first arrest, collaring alleged spammer Matthew Schmieder.
According to reports, Schmieder was supposedly responsible for
sending about 800,000 fake fundraising messages, but was tracked
down by Spamhaus, the UK-based anti-spam group.
