Cyber-criminals use election mania


Johannesburg, 07 Nov 2008

The US election was top-of-mind around the globe, and hackers have certainly not let the opportunity slide.

“While the tickertape from Barack Obama's celebratory party has probably not even been swept up yet, hackers have wasted no time in launching a malware campaign,” says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

Experts at Sophos have discovered a widespread spam attack in which the e-mails claim to contain a link to news about the new US president.

The e-mails have subject lines such as: “Obama win preferred in world poll”, and claim to come from news@president.com. They accounted for approximately 60% of all malicious spam seen by SophosLabs in that hour on Wednesday.

Clicking on the link, however, takes Internet users to a Web page that insists readers download Adobe Flash 9 to view a video of the first African-American president making an “amazing speech”.

“It is not, however, Flash version 9. The Web site is also not only bogus, but downright dangerous,” says Myroff.

“If you install the fake version of Adobe Flash you will actually be infecting your computer with a malicious Trojan horse detected by Sophos as Mal/Beav-027. If infected by it, PC owners could find their data has been compromised and their identity potentially stolen,” he says.

Sophos experts have determined that the malicious Trojan horse incorporates the following characteristics:

* The malware contains rootkit technology to conceal itself.
* It's designed to steal information from an infected computer.
* It also has general “backdoor” functionality.
* It spies on a user's keyboard and mouse inputs and can take screenshots.
* It looks for passwords.
* It submits the information it discovers to a Web server located in Kiev, Ukraine.

Users of other anti-virus products are advised to check whether updates are available to protect their computers.

Lost in Ireland

This week also saw the personal information of almost 1 000 bank customers lost by an employee of Bank of Ireland, after the data was copied onto an unencrypted USB memory stick.

“In the wrong hands, the information could provide criminals with some of the essential stepping stones to committing identity theft,” explains Myroff.

Bank of Ireland has informed most of the people affected by the data breach, and will monitor their accounts for unusual activity. With proper checks and measures in place, it should have been possible to control access to the memory stick and ensure any sensitive data copied to it remained encrypted.

Sophos has also seen a spate of malicious spam this week designed to trick Internet users into infecting their computers with a Trojan horse. The e-mails typically tell users they can activate or register an account by using information in the attached file.

Of course, the natural first question users have is likely to be “What account?” as the e-mail body doesn't explain this, and the subject lines of “The Activation Keys” or “Recovery KEYS for your account” don't make it clear. The sender's e-mail address also appears to be chosen randomly.

“While many people would simply delete the e-mail and its suspicious file at this point, there are people out there who would be curious to get to the bottom of what account it might be, and might be tempted to open the attachment. This would be a big mistake,” Myroff adds.

The attached zip file (active_key.zip or the_Keys.zip) is a copy of the Troj/Invo-Zip Trojan horse, designed to take over the user's computer and compromise their data.
