Bogus lottery email carries fake anti-virus payload

Graham Cluley
Graham Cluley
@[email protected]

Most of us with email addresses are probably familiar with the phenomenon of lottery scams.

An email arrives, claiming that you have won a substantial amount of money in a lottery you never participated in. Typically the email asks you to make contact – whereupon the scammer will try and derive your personal private information (such as bank account details) or demand an administration fee before the money can be sent to you.

In the latest spam campaign to arrive in our honeypots, things are a little bit different however, and take a sinister new twist.

Bogus lottery email carries fake anti-virus payload

Sign up to our free newsletter.
Security news, advice, and tips.

Attached to the email, which has the subject line “You are a winner.”, is a file called

Unfortunately for the recipient who believes that they are the lucky winner of a lottery, the attachment contains scareware (also known as fake anti-virus) – designed to frighten the unsuspecting user into believing that they have security issues on their computer, and to trick them into purchasing a solution.

Sophos detects the malware as Troj/FakeAV-AGU or Troj/ZipMal-D.

Interestingly the snail-mail address uses in the email (“28 Tanfield Road, Croydon”) has been seen often in other lottery emails in the past – not just for the British National Lottery, but lotteries associated with well known brands such as Honda and Toyota – as anyone who spent a couple of minutes investigating with Google would discover.

Scareware has been one of the major security stories of 2009 – it is being used widely by cybercriminals and their affiliates. The sad truth is that it must be working, otherwise they wouldn’t keep using the technique with such ferocity.

Here is a typical message we are seeing being sent out by the bad guys:

British National Lottery,
28 Tan Field Road,
Ref: UK/9420X2/68

Dear Winner,

This email is being sent from The British National Lottery HQ. You've been selected a winner in our online draw. You've been approved to claim a total sum of 2,764,866 Pounds (Two Million, Seven Hundred and Sixty Four Thousand, Eight Hundred and Sixty Six Pounds Sterling) from our Online lottery draw promo sponsored by the British Gaming Board, Microsoft International and the United Nations. This is from a total cash prize of 6,534,370 Pounds shared amongst the first Three (3) lucky winners.



Yours Truly,
Ray Bates.

British National Lottery,
28 Tan Field Road,

You may not fool for a scam like this, but you might imagine it’s safe to open the attachment. Always be careful about unsolicited email attachments, even if you think it’s something you’ve seen a hundred times before. It could be a new twist on an old trick.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.