Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a widespread spam campaign that poses as a breaking news report
about the Hurricane Katrina disaster affecting the southern states
of the USA. The campaign tries to trick innocent computer users
into visiting a bogus website which tries to infect their PCs with
malware.
The email pretends to be a breaking news
report.
Subject lines used in the malicious emails include, but are not
limited to, the following:
Re: g8 Tropical storm flooded New Orleans.
Re: g7 80 percent of our city underwater.
Re: q1 Katrina killed as many as 80 people.
Sophos experts believe that the people behind the email attack
are deliberately adding random characters into the subject lines in
an attempt to avoid detection by rudimentary anti-spam filters.
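The effect of the random characters described above, as an added example that is not part of the original Sophos report: a literal comparison against the three published subject lines misses a variant carrying a different token, while a comparison made after stripping the reply prefix and a short leading token still matches. The three-character token limit and the test subjects are assumptions constructed for illustration.

```python
import re

# The three subject lines quoted in the report, exactly as published.
PUBLISHED_SUBJECTS = [
    "Re: g8 Tropical storm flooded New Orleans.",
    "Re: g7 80 percent of our city underwater.",
    "Re: q1 Katrina killed as many as 80 people.",
]

REPLY_PREFIX = re.compile(r"^\s*(?:(?:re|fw|fwd)\s*:\s*)+", re.IGNORECASE)
MAX_TOKEN_LEN = 3  # assumption: the inserted random token is at most 3 characters


def words(subject):
    """Strip reply prefixes, lowercase, drop punctuation, split into words."""
    body = REPLY_PREFIX.sub("", subject).lower()
    return re.sub(r"[^a-z0-9]+", " ", body).split()


def candidates(subject):
    """Return the normalized subject as-is and with a short leading token removed."""
    w = words(subject)
    forms = {" ".join(w)}
    if w and len(w[0]) <= MAX_TOKEN_LEN:
        forms.add(" ".join(w[1:]))
    return forms


# Signatures: the published subjects with their own random token stripped.
SIGNATURES = {" ".join(words(s)[1:]) for s in PUBLISHED_SUBJECTS}


def exact_match(subject):
    """Rudimentary filter: literal comparison against the published strings."""
    return subject in PUBLISHED_SUBJECTS


def normalized_match(subject):
    """Match after normalization, so a changed random token no longer matters."""
    return bool(candidates(subject) & SIGNATURES)


if __name__ == "__main__":
    # Constructed test subjects (not taken from real mail).
    for s in ["Re: g8 Tropical storm flooded New Orleans.",
              "Re: x4 Tropical storm flooded New Orleans.",
              "Re: Q3 sales figures for New Orleans"]:
        print(f"{s!r}: exact={exact_match(s)} normalized={normalized_match(s)}")
```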
The body of the emails can vary, but all relate to the disaster
hitting New Orleans and elsewhere across the southern American
states. A typical example reads as follows:
Mississippi Gov. Haley Barbour said Tuesday that Hurricane
Katrina killed as many as 80 people in his state and burst levees
in Louisiana flooded New Orleans.
Just before daybreak Tuesday, Katrina, now a tropical storm,
was 35 miles northeast of Tupelo, Miss., moving north-northeast
with winds of 50 mph. Forecasters at the National Hurricane Center
said the amount of rainfall has been adjusted downward
Monday.
Read More..
"Receiving or reading the emails themselves does not mean you
are infected," said Graham Cluley, senior
technology consultant for Sophos. "However, if users click on the
link contained inside the email they will be taken to a malicious
website which will try and infect their computer. Once infected the
computer is under the control of remote criminal hackers who can
use it to spy, steal or cause disruption."
Windows users who follow the web link visit a website which
pretends to be a fuller version of the news story, but exploits
vulnerabilities in Microsoft's Internet Explorer software to
install a variety of malicious code including Troj/Cgab-A,
Troj/Borobot-P, Troj/Borobot-Q, Troj/Borodldr-H, and Troj/Inor-R.
The malicious attack is designed to allow remote hackers to gain
unauthorized access to the victim's computer.
Clicking on the link in the email takes users
to a website which claims to contain a news story about the
disaster, but is really designed to secretly install malicious code
onto the computers of unsuspecting users.
"The hurricane is a dreadful natural disaster, and it's
sickening to think that hackers are prepared to exploit the
horrendous situation in an attempt to break into computers for the
purposes of spamming, extortion and theft," continued Cluley.
"Everyone should ensure they have defenses in place to properly
protect against the very latest malware attacks."
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at the email gateway to defend against viruses and
spam.