This week, Sophos called on UK authorities to take more control of their current and old Web sites, following the discovery that the Government no longer owns the domain name for the now defunct National High Tech Crime Unit (NHTCU) - www.nhtcu.org.
The NHTCU came to an abrupt end in April 2006 when its work was transferred to the Serious Organised Crime Unit (SOCA). Yet, Web sites around the world still link to and point readers to the NHTCU site. As recently as this weekend, the BBC linked to the Web site from a story about NASA hacker, Gary McKinnon. However, earlier in the week, Sophos experts discovered that the site is no longer owned by the UK government, but by an enterprising German Internet marketer who bought the domain on 2 August 2008.
Experts at Sophos note that while the current owner, Uwe Matt, has done nothing illegal in buying the site, the authorities should never have allowed this to happen. According to the company, it's likely that Matt bought the site in order to get higher rankings on search Web sites like Google, but there is nothing to stop him selling the Web site domain on to someone else who may use the site to host malicious code or spam-related content.
"With reputable organisations still linking to the site, the danger is that innocent computer users could accidentally find themselves the victim of a cyber attack," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
In the worst possible scenario, he says, fraudsters could in future use the site to pretend to be the National High Tech Crime Unit and try and harvest confidential information from computer crime victims. "This situation may never arise, but the message is clear - all organisations must take proper care of their Web site domains, especially if they are widely linked to from other sites," Myroff says.
This week's line-up of low to medium-threat Trojans includes Troj/DwnLdr-HHI, a JavaScript downloader Trojan for the Windows platform.
W32/GetCodec-A, a worm for the Windows platform, is also currently making the rounds. When run, the worm sets a number of registry entries.
It has the functionality to:
* Search the infected computer for files with the extension of .mp3, .wmv, .wma, .mp2 and .mp3.
* Convert the located files to wma format without modifying the original filename and extension.
* Insert the functionality to download code from a remote Web site into the converted wma format files.
The W32/Autorun-IV has also been seen. It drops more malware and installs itself in the registry.

