Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a widespread spam campaign that poses as a breaking news report,
but really leads computer users to an infected website. The spam
pretends to be a link to news about Iran's controversial decision
to continue work at its Isfahan nuclear plant, but is really an
attempt to lure innocent computer users into being infected by a
Trojan horse and attacked by hackers.
The email pretends to be a breaking news
report.
The Isfahan nuclear plant is the main uranium conversion
facility in Iran. Conversion is part of the process used to produce
nuclear fuel, and when enriched to a low level makes it suitable
for use in atomic weapons. The United States and European Union had
warned that resumption of work at the plant could lead to Iran
being taken to the UN Security Council for sanctions.
"Hackers are spamming out messages claiming to be breaking news
stories, in the hope that unwary internet surfers will visit the
malicious websites for further information," said Graham Cluley, senior
technology consultant at Sophos. "We saw the same gang of hackers
use a near-identical
trick about the tragic story of US marine deaths in Iraq last
week."
Subject lines used in the malicious emails include, but are not
limited to, the following:
Iran snubs pleas, resumes uranium shift
TThe PPhantom Menace
Iran to restart U productionn
What will they do with the refined uraniuum?
Where doees Iran get its uranium ores?
How easily ccould U-238 be used to makke a bomb?
Sophos experts believe that the people behind the email attack
are using software to deliberately obfuscate and misspell the
subject lines in an attempt to avoid rudimentary anti-spam
filters.
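The duplicated-letter misspellings in the subject lines above can be undone before keyword matching. The following Python is an added example, not Sophos code; the watchlist and the function names are assumptions chosen for illustration, and it handles only the repeated-character pattern seen in the listed subjects.

```python
import re

# Constructed watchlist for illustration; a real filter would carry its own terms.
WATCHLIST = {"iran", "uranium", "production", "bomb", "phantom"}

def squeeze(word):
    """Collapse runs of a repeated character: 'uraniuum' -> 'uranium'."""
    return re.sub(r"(.)\1+", r"\1", word.lower())

# Watchlist terms are squeezed too, so a term with a genuine double letter still matches.
SQUEEZED = {squeeze(term): term for term in WATCHLIST}

def tokens(subject):
    """Split a subject line into alphanumeric tokens."""
    return re.findall(r"[A-Za-z0-9]+", subject)

def naive_hits(subject):
    """Exact token match, the rudimentary filtering the misspellings aim to avoid."""
    return {t.lower() for t in tokens(subject)} & WATCHLIST

def tolerant_hits(subject):
    """Match on squeezed forms so an inserted duplicate letter no longer hides a term."""
    return {SQUEEZED[s] for s in map(squeeze, tokens(subject)) if s in SQUEEZED}

def evaded_terms(subject):
    """Terms found only after normalisation: a sign of deliberate misspelling."""
    return tolerant_hits(subject) - naive_hits(subject)

# Subject lines quoted in the article.
SUBJECTS = [
    "Iran snubs pleas, resumes uranium shift",
    "TThe PPhantom Menace",
    "Iran to restart U productionn",
    "What will they do with the refined uraniuum?",
    "Where doees Iran get its uranium ores?",
    "How easily ccould U-238 be used to makke a bomb?",
]

if __name__ == "__main__":
    for s in SUBJECTS:
        print(f"{s!r}: naive={sorted(naive_hits(s))} "
              f"tolerant={sorted(tolerant_hits(s))} evaded={sorted(evaded_terms(s))}")
```

Squeezing also equates unrelated words such as "too" and "to", so the result is better used as one scoring signal than as a sole verdict.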
Windows users who make the mistake of following the web link
visit a malicious website which pretends to be a fuller version of
the news story:
The website pretends to be a news story about
the Iranian nuclear crisis.
In reality, the website exploits vulnerabilities in Microsoft's
Internet Explorer software to install the Cgab-A and Borodr-Fam Trojan
horses. The Trojan horses are designed to allow remote hackers to
gain unauthorized access to the victim's computer.
"Simply reading the spam email doesn't infect you. As long as
you don't click on the link you have nothing to fear," continued
Cluley. "But if you click on the link and visit the infected
website then you are putting the safety of your data and computer
at risk. Everyone should ensure they keep their anti-virus
protection up-to-date and never follow links in unsolicited email
messages."
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at the email gateway to defend against viruses and
spam.