One of the graphics attached to the email
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a new spyware Trojan horse offering pictures and intimate details
about the personal lives of the infamous Russian pop group
t.A.t.U.
The Troj/Banito-BE Trojan
horse has been spammed out to email users around the world in a
message with the subject line 'Photos of TATU'. It attempts to
entice recipients into clicking on a malicious attachment
purporting to contain photos and gossip about the controversial
duo, who first sprang to fame in 2003.
The emails have the following characteristics:
Subject line:
Photos Of TATU
Message text:
Ken points out that TATU's media blitz is continuing. They're
gonna be big, they are. The in-depth report includes such tidbits
as Julia says: "We really love each other and the sex is
phenomenal. s a thousand times better than with a man. And contrary
to what others might say, we don't just talk about it. We have sex
at least three times a day......"
The newest dailies and photos are in the tatu.chm.
The emails have three files attached: tatu_1.jpg and
tatu_2.jpg are promotional images of the duo, but
TATU.CHM is a malicious compressed HTML help file which, as
well as offering an album of images of the notorious Eurovision
entrants, also gives hackers access to the innocent user's PC in
order to spy, steal or cause havoc. According to Sophos, while many
companies now block executable code at their email gateway, the
infected file has the less well known *.CHM extension, which may
enable it to slip past some corporate defenses.
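One way a gateway can close the gap described above, as an added example that is not part of the original article or Sophos's own code: it flags attachments by extension and by the `ITSF` signature that compiled HTML help files begin with. The blocked-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions treated as active content in this example (an assumed policy list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".chm"}
CHM_MAGIC = b"ITSF"  # compiled HTML help files begin with this signature


def risky_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment the policy would block."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if payload.startswith(CHM_MAGIC):
            # Content check still fires when a CHM is renamed to look harmless.
            findings.append((name, "CHM signature"))
        elif ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension " + ext))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Photos Of TATU"
    msg.set_content("The newest dailies and photos are in the tatu.chm.")
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    chm = CHM_MAGIC + b"\x00" * 16
    msg.add_attachment(jpeg, maintype="image", subtype="jpeg", filename="tatu_1.jpg")
    msg.add_attachment(jpeg, maintype="image", subtype="jpeg", filename="tatu_2.jpg")
    msg.add_attachment(chm, maintype="application", subtype="octet-stream",
                       filename="TATU.CHM")
    # Same content under an innocuous name: only the signature check sees it.
    msg.add_attachment(chm, maintype="application", subtype="octet-stream",
                       filename="album.dat")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(name, "->", reason)
```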
"t.A.T.u are better remembered for their controversial videos
and onstage antics than their music, and this Trojan exploits the
still widespread interest in the sapphic school uniform-wearing pop
duo's personal life, in order to log computer keystrokes, hijack
users' PCs and steal information," said Graham Cluley, senior
technology consultant at Sophos. "This is just one in a long line
of malware that uses celebrities to entice naive computer users,
and we'd urge even the most ardent t.A.T.u. admirers to resist
temptation and avoid clicking on the unsolicited attachments."
Opening the CHM file displays pictures and
gossip about t.A.T.u, but also installs a Trojan horse.
Sophos notes that the discovery of the Trojan coincides with the
release of a twenty song t.A.T.u. retrospective earlier in October
2006, which has sparked renewed interest in the group, particularly
in the US. In the past, celebrities such as Halle Berry, Anna
Kournikova, Julia Roberts, Jennifer Lopez, Britney Spears or the
stars of 'Sex and the City' have all been used to help malware
spread.
"This celebrity-related malware has not been designed for
mischief-making - its purpose is financial gain," added Cluley.
"Cyber criminals who spread malicious code to steal information or
take control of PCs don't normally want to draw attention to
themselves, and by using such subject matter, the culprits may be
limiting their chances of success. However it's vital that users
ensure their anti-virus software is up-to-date, or they could risk
compromising both their PCs and their personal data."
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses, spyware and spam, as well as secure their desktop
and servers with automatically updated protection.