A twisted social engineering ploy offering camera phone footage of the Virginia Tech shootings is being used by malware spammers to get viewers to open spam messages containing a picture of the shooter and click on a link that installs a malicious screensaver file (TERROR_EM_VIRGINIA.SCR). The file is a banking spyware Trojan horse, known as Mal/Packer. The trojan seeks to steal passwords and usernames for online banking sites, opening up the possibility of identity theft and financial loss to any user infected with the program.
Using spam-mails with subject lines and pictures related to current/recent news events has become an ever more common tactic of spammers/malware distributors. This is how the storm worm, which resurfaced last week got its name. As a matter of policy, IT managers/administrators should strongly emphsize to users that any inbound email referring to current news evetns should be treated with extreme sketacism. If it is a topic they are interested in, direct them to visit a reputable news source at an appropriate time.