Worm hides in 'news'

By Damian Clarkson, ITWeb junior journalist
Johannesburg, 21 Jan 2005

A new worm that poses as details of the latest news stories has surfaced in the wild, security experts say.

The Crowt-A worm takes its subject lines, message content and attachment names from headlines gathered in real-time from the CNN Web site, says Brett Myroff, CEO of local Sophos distributor Netxactics.

"It attempts to send itself by e-mail to addresses found on infected computers. Crowt-A's subject line and attachment share the same name, but continually change to mirror the front-page headline on the CNN news site."

The message text is also lifted from the CNN site, duping the recipient into thinking they are reading a genuine newsletter rather than receiving an infected e-mail, adds Myroff.

Once activated, the worm installs a backdoor Trojan function on the infected PC, which attempts to log keystrokes and send gathered data to a remote user.

Myroff says hackers often use these Trojans to gain unauthorised control of PCs and to steal personal information such as bank passwords. "Virus writers are always looking for new tricks to entice innocent computer users into running their malicious code; this latest ploy feeds on people's desire for the latest news."

But despite coming across as a convincing news message, Crowt-A is unlikely to cause any major problems, says Justin Stanford, CEO of anti-virus vendor NOD32 South Africa.

"This virus has not shown up on the www.virus-radar.com, which is still dominated by the usual suspects like Zafi.B at number one and the various different strains of the Netsky virus.

"This new virus is not using any techniques that we haven't seen before and doesn't seem very advanced, so I wouldn't expect it to become incredibly prevalent."
