|
| The Trojan horse has been spammed out to email
users. |
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a Trojan horse that has been spammed out to email addresses
disguised as a warning about a university rapist.
The Troj/Stinx-N Trojan horse
spams out email messages, which can have a subject line from "CCTV
still of Rapist", "Do you recognise this person?", or "Campus
Student Raped" contain the following message:
Hello,
During the early morning of January 25 2006, a campus
student was the victim of a horrific sexual assault within college
grounds. Eyewitnesses report a tall black man in grey pants running
away from the scene. Campus CCTV has caught this man on camera and
are looking for ways to identify him. If anyone recognises the
attached picture could they inform administraion
immediatly
Regards,
Robert Atkins
Campus Administration
Attached files containing the Trojan horse include "Suspects
Photo.exe", "suspect image.exe",
"CCTVstill.exe", "CCTV-footage.exe", and
"suspicious photo.exe"
Sophos has received reports of the Trojan horse being spammed to
email addresses at universities in North America and the United
Kingdom, but warns that the hackers may not limit themselves to
academic email addresses.
"Launching the attached file will not show you a CCTV picture of
a rapist, but instead punch a hole in the security of your PC,"
said Graham
Cluley, senior technology consultant at Sophos. "Hackers are
reaching an all time low with this attempt to encourage kind
well-meaning people into opening their malicious file. Anyone
unfortunate enough to run this program is running the risk of
allowing hackers to gain access to their computer to spy, steal and
cause havoc."
Sophos recommends that all computer users should ensure that
they are running an anti-virus product which is configured to
automatically update itself, security patches and firewall
software.
"If you ever doubted that the minds behind viruses, worms and
Trojan horses were sick and twisted, here's the proof," continued
Cluley. "Keeping anti-virus software up-to-date is a must. Regular
anti-virus updates combined with sensible safe computing policies
and strong email policy at the gateway reduces the risk of threats
like this to a minimum."
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses and spam, as well as apply an email policy that
filters unsolicited executable code at the gateway. Businesses
should also secure their desktop and servers with automatically
updated protection.
Sophos's anti-virus products were updated to protect against the
Troj/Stinx-N Trojan horse at 16:32 GMT on 27 January 2006.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.