|The Trojan horse has been spammed out to email users.|
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out to email addresses disguised as a warning about a university rapist.
The Troj/Stinx-N Trojan horse spams out email messages, which can have a subject line from "CCTV still of Rapist", "Do you recognise this person?", or "Campus Student Raped" contain the following message:
During the early morning of January 25 2006, a campus student was the victim of a horrific sexual assault within college grounds. Eyewitnesses report a tall black man in grey pants running away from the scene. Campus CCTV has caught this man on camera and are looking for ways to identify him. If anyone recognises the attached picture could they inform administraion immediatly
Attached files containing the Trojan horse include "Suspects Photo.exe", "suspect image.exe", "CCTVstill.exe", "CCTV-footage.exe", and "suspicious photo.exe"
Sophos has received reports of the Trojan horse being spammed to email addresses at universities in North America and the United Kingdom, but warns that the hackers may not limit themselves to academic email addresses.
"Launching the attached file will not show you a CCTV picture of a rapist, but instead punch a hole in the security of your PC," said Graham Cluley, senior technology consultant at Sophos. "Hackers are reaching an all time low with this attempt to encourage kind well-meaning people into opening their malicious file. Anyone unfortunate enough to run this program is running the risk of allowing hackers to gain access to their computer to spy, steal and cause havoc."
Sophos recommends that all computer users should ensure that they are running an anti-virus product which is configured to automatically update itself, security patches and firewall software.
"If you ever doubted that the minds behind viruses, worms and Trojan horses were sick and twisted, here's the proof," continued Cluley. "Keeping anti-virus software up-to-date is a must. Regular anti-virus updates combined with sensible safe computing policies and strong email policy at the gateway reduces the risk of threats like this to a minimum."
Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses and spam, as well as apply an email policy that filters unsolicited executable code at the gateway. Businesses should also secure their desktop and servers with automatically updated protection.
Sophos's anti-virus products were updated to protect against the Troj/Stinx-N Trojan horse at 16:32 GMT on 27 January 2006.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.