IT security and control firm Sophos is warning computer users of a widespread e-mail spam campaign that poses as a video of American Independence Day fireworks, but is really an attempt to lure innocent victims into having their computers hacked.
The attack is the latest from the gang behind the Dorf malware, also known as the Storm worm.
Subject lines used in e-mails sent by the hackers include:
Amazing Independence Day salute
America the Beautiful
Celebrating Fourth of July
Fabulous Independence Day firework
God bless America
Happy Fourth of July
Samples intercepted by Sophos show that inside each e-mail is a simple phrase such as "Amazing Independence Day salute" or "The best firework you've ever seen", followed by a Web link. Visiting the IP address takes the unsuspecting user to a malicious Web page, which disguises itself as a video player showing a firework display, with the following message:
"Colourful Independence Day events have already started throughout the country. The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it."
However, clicking on the 'video' prompts the computer to attempt to download a file called 'fireworks.exe' onto Windows PCs, which Sophos proactively intercepts as the Troj/Dorf-BP Trojan horse.
"Nobody's going to be feeling in the mood for celebrations if this malware infects your Windows PC, turning it into a part of a botnet for criminals to commit identity theft and launch spam and malware campaigns," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
"Americans are not the only ones at risk - people around the world with US-based friends may be tempted to follow the link and watch the video. Many Americans may be taking the day off today to celebrate their country's independence, and return to work on Monday morning not realising what may be waiting for them in their inbox."
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution to defend against malware, spyware, hackers and spam.
The gang behind the Dorf family of attacks, also known as the Storm worm, have targeted other holidays in the past, such as Christmas, Valentine's Day and Halloween, for example. "The reason that they do this is very simple - it works. People fall for tricks like this all the time. Companies and individuals need to protect themselves with up-to-date anti-virus protection and learn not to be caught out by this kind of simple confidence trick," Myroff adds.
Share
NetXactics, trading as Sophos South Africa, is a South African-based company focused on the provision of security solutions. It is the Master Distributor for UK-based Sophos Plc, one of the leaders in the provision of network access control and endpoint, e-mail and Web security and control solutions for the corporate environment. For more information, visit NetXactics at www.netxactics.co.za.
Sophos
Sophos enables enterprises worldwide to secure and control their IT infrastructure. Our network access control, endpoint, Web and e-mail solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, we protect over 100 million users in nearly 150 countries with our reliably engineered security solutions and services. Recognised for our high level of customer satisfaction, we have an enviable history of industry awards, reviews and certifications. Sophos is headquartered in Boston, MA and Oxford, UK.
Editorial contacts