The ‘waledac’ variant, containing an apparent link to a Reuters website, shows the geolocation of the explosive as corresponding to the users IP address.
The story, perhaps designed off the back of recent terrorism-related events, claims that 12 people have been killed in the blast, and over 40 wounded, and contains such leading subject titles as "Why did it happen in your city?", "Take Care!" and "Are you and your friends in good health?"
Links to Wikipedia and Google are also included to convince the recipient of the veracity of the report.
"This is a clever piece of social engineering,” says Graham Cluley, senior technology consultant at Sophos. "If you visit the webpage from Southampton, Bristol or London it is likely to claim that the bomb blast has occurred there. There are the usual clues that the observant computer user will recognise as spam - poor spelling and grammar being the key one - but the danger is that other less wary users won't notice this and will become engrossed in the story without realising that their PC is being infected as they read."
The spam was also picked up by the Websense ‘ThreatSeeker’ Network. A full lab alert can be viewed
here.