Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a widespread spam campaign that poses as a breaking news report
about the death of American marines in Iraq, but is really an
attempt to lure innocent computer users into being infected by a
Trojan horse and attacked by hackers.
The email pretends to be a breaking news
report.
Subject lines used in the malicious emails include, but are not
limited to, the following:
140 died
140 US marines kiiIled
14 US Marines Killed in Iraq Bombbing
Iraq Bommbing
140 lives was taken
Bomging takkes 140 lives
Deadly strike - 140 US marines kiilled
death in Irraq
Sophos experts believe that the people behind the email attack
are using software to deliberately obfuscate and misspell the
subject lines in an attempt to avoid rudimentary anti-spam
filters.
Although the message pretends to be sent from a variety of
different email addresses, it poses as a breaking news report from
Associated Press. Unlike the changing subject lines, the body of
the emails appears to always be the same:
14 US Marines Killed in Iraq Bombing
Guardian Unlimited
By ROBERT H. REID. BAGHDAD, Iraq (AP) - 40 minutes
ago.
14 US Marines were killed when a huge bomb destroyed their
lightly armored vehicle, urling it into the air in a giant fireball
in the deadliest roadside bombing suffered by American forces in
the Iraq war
Read more...
"Receiving or reading the emails themselves does not mean you
are infected," explained Graham Cluley, senior
technology consultant for Sophos. "However, users must be very
careful not to click on the link contained inside the mails as that
will take them to a malicious website. In an ideal world everyone
would be running industrial-strength anti-spam software at their
email gateways which would help reduce the chances of computers
being put in this kind of peril."
Windows users who follow the web link visit a website which
pretends to be a fuller version of the news story, but exploits
vulnerabilities in Microsoft's Internet Explorer software to
install the Cgab-A
and Borodr-Fam
Trojan horses. The malicious attack is designed to allow remote
hackers to gain unauthorized access to the victim's computer.
Clicking on the link in the email takes users
to a website which claims to contain a news story about the
conflict in Iraq, but is really designed to secretly install
malicious code onto the computers of unsuspecting users.
"The deaths of American marines in Iraq is a tragedy, and it's
sickening to think that hackers are prepared to exploit the
troubles in that country in an attempt to break into computers for
the purposes of spamming, extortion and theft," continued Cluley.
"Everyone should ensure they have defenses in place to properly
protect against the very latest malware attacks."
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at the email gateway to defend against viruses and
spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.