Classmates malware attack poses as school reunion invite

Remember the days of the old school yard? You may prefer to forget them, but many people are nostalgic for the days of grazed knees, poor food and double geography.

A new malware campaign seen in the last few days plays on the popularity of websites like Classmates.com and FriendsReunited, by posing as an invitation to an imminent school reunion.

A typical malicious email posing as a Classmates school reunion invitation

Part of the email reads:

Sign up to our free newsletter.
Security news, advice, and tips.
" With pride and joy we invite you to share a special day in our lives and join us for the Class Reunion on Friday, January 16th 2009.
Bring the gang from Our High School back together again!
Great party - from start to finish! "

Subject lines used in the malware campaign have included:

Friends waiting for your visit! Classmates
Classmates Reunion Soon - Your classmates Day
Classmates Reunion - Classmates Reunion - Special Preview Invitation
Classmates invitation - Reunion party Greeting Card.
Classmates Organiser Warning - Meeting high school and junior college classmates
Classmates Reunion Soon - [Class Reunion] Save the Date
This month we have chosen Reunion Day - January 2009!
Classmates Reunion Soon - Your classmates Day New Date.
Classmates Personal Invitation: Custom invitation
Invitation to preview new Reunion Classmates.
Important Classmates Day's 2009

Clicking on the link doesn’t of course take you to the real Classmates website, but a bogus site which tries to fool you into installing an update to Adobe Flash to view a video invitation to your school reunion. Of course, the update is really a malicious Trojan horse designed to compromise your computer.

With many people returning to the office after the holiday break there is a danger that some will click on the link without thinking as they plough through their inboxes.

As ever, be wary of unsolicited emails, and if you are going to update software and plugins on your computer make sure you are getting those updates from the real, legitimate producer of the code, not a third party website that a hacker could have set up.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.