The spammers’ strategy is quite simple: the recepients get an email featuring only a short phrase ("Amazing Independence Day salute" or "The best firework you’ve ever seen") and an IP adress. If they decide to click on it, they will be taken to a malicious page and invited to view a short clip featuirng an allegedly fantastic fireworks show. The message reads the following:

"Colorful Independence Day events have already started throughout the country. The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it."

As expected, clicking on the video player won’t start a movie, but it will successfully download a file called ‘fireworks.exe’, namely the Troj/Dorf-BP Trojan.

"Everyone loves fireworks, but you’re not going to be feeling in the mood for celebrations if this malware infects your Windows PC, turning it into a part of a botnet for criminals to commit identity theft and launch spam and malware campaigns," said Graham Cluley, senior technology consultant at Sophos. "Americans are not the only ones at risk as they open their email this morning – people around the world with US-based friends may be tempted to follow the link and watch the video. Many Americans may be taking the day off today to celebrate their country’s independence, and return to work on Monday morning not realising what may be waiting for them in their inbox."