Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a spam campaign that poses as a breaking news report about the
death of Russian President Vladimir Putin, but is really an attempt
by hackers to infect computer users with a Trojan horse.
The email claims that Vladimir Putin, president
of the Russian Federation, has died.
However, embedded in the HTML email is a hidden script that
exploits the ADODB.Stream vulnerability to secretly download the
malicious Troj/Dloadr-ZP Trojan
horse from a Russian website. The Trojan horse is designed to
download further malicious code which could allow remote hackers to
gain unauthorized access to the victim's computer.
Although the link in the email pretends to be that of a BBC News report, the
user is really directed to another Russian website purporting to be
the home of a construction firm focused on providing heating
systems for apartments and advertising training seminars.
"It appears whoever sent this spam is trying to discredit the
Russian firm in what we call a 'joe job'. Users may think that the
spam was purely an attempt to drive traffic to the construction
company's products and seminars, whereas in fact hackers are also
using the opportunity to try and infect unprotected PCs," explained
Graham Cluley,
senior technology consultant for Sophos. "Everyone should protect
their computers with security patches, up-to-date anti-virus
software, firewalls and a solid defense against spam. Hackers have
used bogus stories about breaking news stories in the past to
encourage people to open emails, and they're likely to do so
again."
Sophos's anti-malware products were automatically updated to
protect against the Troj/Dloadr-ZP Trojan horse at 05:22 GMT on 12
July 2006.
"Normally, a joe job is a spam campaign forged to appear as
though it came from an innocent party, with the intention of
incriminating or pinning blame onto them," continued Cluley. "In
this case, users wanting to read the news report may think that the
emails came from the Russian website they are directed to selling
seminars and heating systems. In truth, the spam emails came from a
zombie network of compromised computers around the world, being
exploited by the hackers. If users aren't careful they could find
their PCs part of the zombie network as well."
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at the email gateway to defend against viruses and
spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.