Fake email uses ISIS threat to distribute malicious attack
12 January 2015
Alert Priority High
You are advised to be cautious about opening any emails you receive that refer to an ISIS threat. New emails referring to ISIS terrorism activities carry a malicious attachment that can be used to infect your computer.
The Australian Communications and Media Authority is experiencing a surge in reports of emails with the subject ‘ISIS attacks in sydney?’ (sic). These emails encourage people to open an attached Word or RAR file by claiming the attachment includes an article naming the Sydney locations ISIS plans to attack in 2015.
Clicking on the attachment could result in malicious code being installed that allows an attacker to take control of your computer.
The email includes the contact details of the prominent news.com.au website in an attempt to represent itself as a legitimate email. It is highly likely similar malicious emails are in circulation using references to high profile, terror-related events.
The full text of the malicious email is provided below:
Subject: ISIS attacks in sydney?
Body: ISIS has warned Australian Police today about new attacks in Sydney.
Attached the places in word file which ISIS planning to attack in Sydney this year 2015.
These terrorists have Australian Citizen why they attack us?
Read more in the detailed story in word file.
Please address any correspondence to:
[news address inserted here]
The switchboard number for [news] is:
[news phone number inserted here]
Telephone: [news phone number inserted here]
Email: [news email inserted here]
Stay Smart Online has information about protecting your computer here.
Information for this alert has been provided by the Australian Communications and Media Authority.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.