Sectors
Companies
About
Subscribe

Breaking CNN news a hoax

By Brett Myroff for Sophos South Africa
Johannesburg, 15 Aug 2008

Top of mind this week was a hacking gang bombarding Internet users' inboxes worldwide with dangerous e-mails claiming to be breaking news from CNN, explains Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

"A typical example of this attack claims that Hollywood icon Elizabeth Taylor has been found murdered," he says.

E-mails claim to come from msnbc.com and have "BREAKING NEWS" in the subject line. Some of the news features used to get users to click through to a malicious site include:

* McCain told lies to win votes
* Anthrax case solved
* Preliminary polls for the election
* Google launches free music downloads in China
* Jerry Yang relinquishes control over Yahoo
* Apple September show highly anticipated
* High calorie food banned in canteens
* Abortion made illegal in New York
* Tiger Woods to take two-year break from golf
* Europeans dislike Americans' attitudes
* McDonald's found to breach FDA regulations, suspended from trading
* Mary-Kate Olsen responsible for Heath Ledger's death
* Plane crashes into prep school, hundreds of kids killed
* Stocks set to fall on recession
* Obama set to win presidency

Clicking on the link does not take the user to MSNBC's Web site, but to a malicious Web page hosting a Mal/EncPk-DA infection, explains Myroff.

Trojans

According to Myroff, this week's line-up of low to medium prevalence threats includes Troj/Bravo-G, a backdoor Trojan that allows a remote intruder to gain access and control over the computer.

Troj/Bravo-G includes functionality to access the Internet and communicate with a remote server via HTTP.

"When first run, Troj/Bravo-G copies itself to <System>\NMBgMonitor.exe," says Myroff.

Troj/FakeVir-ES, another Trojan affecting Windows users, claims to be an anti-virus scanner called "WinProtector", warns Myroff.

"Troj/FakeVir-ES scans the computer and falsely reports presence of malware infections on the computer. Troj/FakeVir-ES then persistently prompts the user to purchase the full version of "WinProtector" in order to clean up the infections," Myroff says.

Other Trojans that have been noted this week include:

* Troj/Agent-HLA
* Troj/Bifrose-WC
* Troj/FakeAle-FG
* Troj/Mdrop-BUS
* Troj/Small-ELW
* Troj/Agent-HKY
* Troj/Agent-HKZ
* Troj/Agent-HKX

Share

Editorial contacts

Adriaan du Plessis
(011) 447 3785
metalkpretty@telkomsa.net