Trojan authors keep up with the press

Criminals are trying to scare innocent computer users into thinking they have become the latest victims of internet service providers casting their nets to catch copyright pirates.

Emails with the subject line ‘Your internet access is going to get suspended’ from a serious-sounding ‘ICS Monitoring team’ were intercepted yesterday on their way to users’ inboxes.

The unsolicited messages falsely claim that the recipient has been conducting illegal activities online, and invites them to open a .zip file attachment if they want to see the evidence.

Unsuspecting users, who may have read about recent online piracy cases, that open the file risk infection from a malicious Trojan horse which will give hackers covert access to their PC.

Security experts said computer users may be extra tempted to access the file if they rely upon their connection, concerned that it may be terminated if they don’t investigate.

“With a recent survey finding that nearly half of Britain’s web users suffer from net addiction, it was only a matter of time before spammers would deploy social engineering tactics to take advantage,” said Graham Cluley, senior technology consultant at Sophos.

“Recent piracy cases will also worry web users, especially those who may be using unsecured Wi-Fi – they’ll want to open the attachment to make sure that someone else hasn’t been using their connection to download copyrighted movies or music. Unfortunately by then it’s too late, and they could have handed access to their computer and files to the hackers.”

According to Sophos, which intercepted the mails, the authors have used two malicious attachments in these emails, detected as Troj/Meredrop-A and Troj/Agent-HQK.

All computer users were advised to ensure that their anti-virus protection was up to date, and that a multi-layered defence was running at the email gateway to defend against viruses and spam.

Last week, more evidence emerged from the firm that Trojan creators are increasingly aware of the issues that mainstream media are turning heads with.

Spam emails were arriving in users’ inboxes telling them to click on the presented link if they wanted to see an online sex video featuring Presidential Democratic candidate Barack Obama.

Normally in these types of malware attacks, the Trojan horse is simply installed rather than the promised video being shown, but the creator of this attack bucks the trend.

Users who click on the link in the emails download an executable file which does display a pornographic video, albeit one not starring Mr Obama, as it installs malicious code in the background.


16th September 2008

Related News

Latest News