20 Jan 2005
Sophos discovers new worm which poses as breaking news headlines
|
| The Crowt worm steals headlines from CNN's
website. |
Virus researchers at Sophos have identified a new worm which
poses as information on the latest news stories. W32/Crowt-A takes its
subject lines, message content and attachment names from headlines
gathered in real-time from the CNN website. It attempts to send
itself by email to addresses found on infected computers.
Crowt-A's subject line and attachment share the same name, but
continually change to mirror the front-page headline on the CNN
news site. The message text is also lifted from CNN's site, duping
the recipient into thinking that they are reading a bonafide
newsletter rather than receiving an infected email.
Crowt-A also installs a backdoor Trojan function. This attempts
to log keystrokes on infected PCs and sends gathered data to a
remote user. These Trojans are often used by hackers to gain
unauthorised control of PCs and to steal personal information such
as bank passwords.
"Virus writers are always looking for new tricks to entice
innocent computer users into running their malicious code; this
latest ploy feeds on people's desire for the latest news," said
Carole Theriault,
security consultant at Sophos. "Many people subscribe to legitimate
email news updates, but the message is simple - businesses need to
makes sure their anti-virus detection is constantly updated and
users need to be suspicious of all unsolicited email whether it's
promising celebrity pictures or news updates."
Although only a small number of instances of the worm have been
sighted so far, Sophos recommends companies protect their computers
with a consolidated solution to thwart the
virus and spam threats as well as secure their desktop and servers
with automatically updated anti-virus protection.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.