Gurning picture acts as diversion for malicious hack attack
Virus experts at Sophos have reported that a new worm
demonstrates the ancient British art of gurning, the tradition of
pulling a funny or scary face, as it infects computers.
The Wurmark-F worm spreads via email, pretending to be from addresses such as
easy_lay666@lovenet.com, sexy_guy88@aol.com, and
sexy_lil_thing@no-ip.com. Emails can have a variety of
characteristics including:

Subject: Hhahahah lol!!!!
Message body:
i found this on my computer from ages ago
download it and see if you can remember it
lol i was lauging like mad when i saw it! :D
email me back haha...

Subject: Rate My Pic.......
Message body:
Hi ive sent 5 emails now and nobody will rate
my pic!! :( please download and tell me what you
think out of 10 , dont worry if you dont like it
just say i wont be offended p.s i was drunk when
it was taken :P

If recipients open the attached ZIP file and launch the files
contained inside (which can have names such as Sexy_09.jpg.scr,
Photo_01.jpg.scr, is_this_you.jpg.scr, and love_04.jpg.scr) then
they will be infected by the worm and a graphic of an elderly man
gurning is displayed:
[Image: The image displayed by the Wurmark-F worm.]
As the image is being displayed, the Wurmark-F worm installs the
W32/Rbot-US network worm and backdoor Trojan horse. This malicious
worm gives hackers remote control of infected computers, letting
them capture keystrokes and grab screenshots (creating opportunities
for identity fraud), and even capture webcam footage of the
unsuspecting user.
"At first glance some may think this worm is harmless, and be
amused by its graphical payload, but it has the sinister intention
of handing over control of your PC to remote hackers," said
Graham Cluley, senior technology consultant for Sophos. "Unless
computer users
properly defend themselves with up-to-date anti-virus software,
firewalls and security patches then they run the risk of having
their PC exploited and their bank accounts emptied."
Sophos experts believe that the W32/Wurmark-F and W32/Rbot-US
worms are evidence of a growing trend of more and more malware
spying on innocent home computer owners and poorly-protected
businesses.
"The simple fact is that organised criminals are more involved
in virus-writing than ever before, and being more aggressive in
their attempts to find new computers to infect and control,"
continued Cluley. "If you attach a new, unpatched computer to the
internet, unprotected by proper firewalls and up-to-date anti-virus
software, then it can easily be under the control of hackers within
10 minutes."
Sophos recommends companies protect their email gateways with a
consolidated solution to defend against viruses and spam. Businesses
should also secure their desktops and servers with automatically
updated protection.
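
The attachments described above hide a .scr executable behind a .jpg decoy extension inside a ZIP file. The following is an added example, not Sophos code, of a check a mail gateway could run for that pattern; the extension lists, the example.com address and the pic.zip sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists for this example; a production policy would be broader.
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf"}
EXEC_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd"}

def is_disguised(name):
    """True when a harmless-looking extension is followed by an executable one."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = [p.strip() for p in base.split(".")]  # also catches "pic.jpg   .scr"
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS

def scan_message(raw_bytes):
    """Return (attachment, member) pairs for disguised executables in a raw email."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        if is_disguised(fname):                      # executable attached directly
            hits.append((fname, fname))
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:                                         # only names are read, nothing is extracted
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [(fname, m) for m in zf.namelist() if is_disguised(m)]
        except zipfile.BadZipFile:
            hits.append((fname, "<unreadable zip>"))  # treat malformed archives as suspect
    return hits

def build_sample():
    """Constructed test message: the ZIP member holds inert text, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Photo_01.jpg.scr", b"inert placeholder bytes")
        zf.writestr("notes.txt", b"harmless")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["Subject"] = "Rate My Pic......."
    msg.set_content("please download and tell me what you think")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="pic.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in scan_message(build_sample()):
        print(f"BLOCK {attachment}: {member}")
```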