Sophos has uncovered a Trojan horse that exploits the appeal of music videos from pop stars such as Beyonce Knowles, Kelly Clarkson and Rihanna, says Brett Myroff, CEO of Netxactics.
"The disguise being used by the malware authors is just another attempt to infect users' PCs, via an e-mail claiming to point to these stars' music videos," he explains.
Clicking on a link inside the e-mail will send surfers to a Web page containing a malicious script and the Trojan horse. "If infected, hackers can use victims' computers to steal personal information, spam out malware and junk e-mail, or launch distributed denial of service attacks against innocent parties," he says.
This week's line-up of lower-prevalence malware attacks includes Troj/Lineag-BE, which affects the Windows operating system. Its side-effects include dropping more malware, downloading code from the Internet and installing itself in the registry.
When first run, Troj/Lineag-BE copies itself to <Program Files>\Windows NT\services.exe and a registry entry is changed to run Troj/Lineag-BE on start-up.
Troj/Haoba-A, another Trojan that affects Windows users, installs itself in the registry and includes functionality to access the Internet and communicate with a remote server via HTTP.
Troj/Cimuz-CP, also Windows-based, appears under a number of aliases, including W32/Rewal.gen1, New PE-d, Win32/TrojanProxy.Cimuz.BW and Trojan-Proxy.Win32.Cimuz.bw.
Troj/Cimuz-CP includes functionality to access the Internet and communicate with a remote server via HTTP.
The W32/DelCyc-A worm has also been detected, again infecting unsuspecting Windows users. "The worm runs continuously in the background, providing a backdoor server that allows a remote intruder to gain access and control over the user's machine," says Myroff.
Its aliases include Virus.Win32.AutoRun.dg and Win32/AutoRun.J worm.
When first run, W32/DelCyc-A copies itself to <Windows>\Offline Web Pages\svchost.exe, which is registered as a new system driver service named "SysSch". It has a display name of "System Scheduler" and it is started automatically during system start-up.
Instances of the Troj/Small-EKC Trojan have also been noted.
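Both install locations described above reuse the name of a genuine Windows binary (services.exe, svchost.exe) in a folder where that binary does not belong. The check below is an added example, not Sophos or Netxactics code; it generalises from the two reported paths to any service or autorun entry. It assumes <Windows> and <Program Files> resolve to C:\Windows and C:\Program Files, and the inventory, including the placeholder name for the unnamed registry entry, is constructed.

```python
import ntpath
import re

# Genuine Windows binaries whose names the two samples borrow.
SYSTEM_BINARIES = {"svchost.exe", "services.exe"}
TRUSTED_SUBDIRS = ("System32", "SysWOW64")

def image_path(command, system_root=r"C:\Windows"):
    """Pull the executable path out of a service ImagePath or Run value."""
    expanded = re.sub("%systemroot%", lambda _: system_root, command, flags=re.I)
    match = re.match(r'\s*"?(.+?\.exe)(?=["\s]|$)', expanded, flags=re.I)
    return ntpath.normpath(match.group(1)) if match else None

def masquerading(entries, system_root=r"C:\Windows"):
    """Names of entries that look like a system binary but sit elsewhere."""
    trusted = {ntpath.normcase(ntpath.join(system_root, d)) for d in TRUSTED_SUBDIRS}
    hits = []
    for entry in entries:
        path = image_path(entry["image"], system_root)
        if path is None:
            continue  # not an .exe command line (for example a .sys driver)
        directory, name = ntpath.split(ntpath.normcase(path))
        if name in SYSTEM_BINARIES and directory not in trusted:
            hits.append(entry["name"])
    return hits

# Constructed inventory: two legitimate entries plus the two paths from the
# article. "run-value-placeholder" stands in for the registry entry the
# article does not name.
SAMPLE = [
    {"name": "Schedule", "image": r"%SystemRoot%\system32\svchost.exe -k netsvcs"},
    {"name": "SysSch", "image": r'"C:\Windows\Offline Web Pages\svchost.exe"'},
    {"name": "run-value-placeholder", "image": r"C:\Program Files\Windows NT\services.exe"},
    {"name": "Spooler", "image": r"C:\Windows\System32\spoolsv.exe"},
]

if __name__ == "__main__":
    print(masquerading(SAMPLE))
```

The entries would normally come from an export of service ImagePath values and Run keys; a hit is a lead to verify against the file's signature and hash, not a verdict.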