A spam email claiming to contain a link to footage of the Virginia Tech shootings is infecting computers with malicious Trojan software that collects bank details, security experts are warning.
"While the video made by gunman Cho Seung-Hui prior to the killing of 33 people on Monday was widely posted on news websites and YouTube.com, spam emails were intercepted on Wednesday night purporting to link to the footage on a Brazilian site," said Graham Cluley, senior technology consultant at security vendor Sophos.
Clicking the link caused a computer to automatically download a malicious screensaver, called TERROR_EM_VIRGINIA.scr by Sophos, which installs a Trojan program that collects banking details.
"It's unclear yet what banks the Trojan is engineered to exploit," Cluley said. Sophos has posted a screenshot of the spam.
The emails are unlikely to mean much to English speakers since they're written in Portuguese. But hackers have repeatedly used breaking news events to trick users into opening malicious programs.
"We might see other hackers jump on the coat-tails of this," Cluley said.
In the aftermath of emergencies and disasters, fraudulent websites frequently emerge, often claiming to collect charity money. So far, more than 450 questionable-looking domain names related to the Virginia Tech shooting have been registered, according to Johannes Ullrich, chief technical officer at the Sans Internet Storm Center web security monitor.
The registrations have occurred at a faster pace than after Hurricane Katrina struck New Orleans in August 2005, Ullrich wrote on Monday.
The US Computer Emergency Response Team warned on Tuesday that it's likely some of those domains could turn into phishing sites.
Earlier in the week, eBay cancelled auctions trying to sell domains related to the Virginia Tech shootings, with one listed at $49,930 (£25,000).