The zip file attached to the email contains a picture of Berlusconi
as well as a Trojan horse.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a Trojan horse that has been spammed out to email addresses
disguised as a breaking news report that Silvio Berlusconi has been
killed by an Israeli soldier.
The Troj/Dloadr-ALM Trojan
horse has been spammed out in email messages claiming to come from
firstname.lastname@example.org, which can have a variety of subject lines
including "Berlusconi la morte", "Berlusconi di terrorismo",
"Berlusconi Tragedia", and "Berlusconi di omicidio". A typical
email reads as follows:
Latest BBC News: Berlusconi was killed by Israeli soldier,
''Fare politica significa realizzare cose
"Ho scelto di scendere in campo e di occuparmi della cosa
pubblica perch? non voglio vivere in un Paese illiberale, governato
da forze immature e da uomini legati a doppio filo a un passato
politicamente ed economicamente fallimentare. Mai come in questo
momento l'Italia ha bisogno di persone con la testa sulle spalle e
di esperienza consolidata, creative ed innovative, capaci di darle
una mano, di far funzionare lo Stato ".
Silvio Berlusconi, "Per il mio Paese"
SOPPORTATO: 26 gennaio 1954 MORTO: 22 gennaio 2006
Attached to the email is a file called necfotos.zip, which
contains an image of Berlusconi (silvio01.gif) and a malicious PIF
"The news report is - of course - false, and launching the PIF
file will not show you a picture of Signor Berlusconi, but instead
execute malicious code on your Windows PC," said Graham Cluley, senior
technology consultant at Sophos. "Hackers are exploiting the
public's interest in politics, current events and breaking news to
spread malware. Anyone unfortunate enough to run this program is
running the risk of allowing hackers to gain access to their
computer to spy, steal and cause havoc."
Sophos recommends that all computer users should ensure that
they are running an anti-virus product which is configured to
automatically update itself, security patches and firewall
"This latest attack appears to be currently targeted towards
Italian computer users, but it could spread its wings using other
disguises in the future. Businesses have to learn that keeping
anti-virus software up-to-date is essential," continued Cluley.
"Regular anti-malware updates combined with sensible safe computing
policies and strong email policy at the gateway reduces the risk of
threats like this to a minimum."
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses, spyware and spam, as well as apply an email policy
that filters unsolicited executable code at the gateway. Businesses
should also secure their desktop and servers with automatically
Sophos's anti-virus products were automatically updated to
protect against the Troj/Dloadr-ALM Trojan horse at 12:09 GMT on 16