Researchers at F-Secure have found three Hussein-related malware embedded in the emails, named video_sadan.exe, saddam.morto.scr and sadan.exe.
The three files are actually the viruses W32/Banload.BSW, W32/Banload.BSX and Trojan-Downloader.Win32.Delf.ACC, according to the Helsinki-based anti-virus firm.
Two of the malware, Banload.BSW and Delf.ACC, open a YouTube page with the search term "enforcado" - the Portuguese word for execution - already entered, according to a post on F-Secure's weblog by Mikko Hypponen, chief research officer.
A F-Secure representative could not immediately be reached for comment today.
Experts have long warned that spammers are adept at quickly creating malicious emails to take advantage of current - and sometimes tragic - events.
Ron O'Brien, senior security analyst at Sophos, told SCMagazine.com today that casual users will eventually see more malicious emails linking to YouTube.
"This is what I would consider a view into the future. Obviously, YouTube is very highly regarded by the majority of its users as a safe environment," he said.
"So it's really not surprising that someone would try to include it in a spam campaign."
The malicious users behind the morbid malware have financial motivations, according to O'Brien.
"I have seen four different forms of malware that are part of what you would consider a spam campaign going out, and it looks like they're all trojans and they all have the intent of stealing bank information," he said.
"It's social engineering. People hear about the pictures and [malicious users are] trying to entice them."
Click here to email Online Editor Frank Washkuch Jr.
Trojans posing as rare Saddam Hussein execution videos
By
Frank Washkuch
on Jan 9, 2007 4:46PM
Keeping with their practice of tailoring malware-toting email for current events, malicious users are mass mailing what they claim is a rarely-seen video of the execution of Saddam Hussein.
Got a news tip for our journalists? Share it with us anonymously here.
