Sophos has discovered that emails pretending to be stories about the recent disaster in China are in fact the carriers of the the Trojan horse (known as Troj/MalDoc-Fam). The message seems at first sight to be a legitimate report on the earthquake:

"BEIJING, May 20 (Xinhua) — The death toll from the earthquake in southwest China‘s Sichuan Province has risen to 34,074 nationwide as of 2p.m. Saturday, while 198,347 people were injured, according to the Information Office of the State Council. Pay attention to attachment for more."

However, if the users click on the attachment, they will trigger an exploit, thus authorizing the silent download of further malware. which silent downloads further malware onto the user’s computer.

As it follows, hackers might use the infected machines to collected various information which they can later use to clean up the users’ bank accounts or for identity theft.