Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned
that the hackers behind the widespread "Storm Trojan" which was
spammed widely across the internet on Friday 19 June have now
renewed their activities using a new piece of malware,

Sophos began to see evidence via its global network of spamtraps
at 21:52 GMT of the new malware distribution. These latest spam
messages, which have a malicious email attachment, have been
sighted being sent from computers in 80 different countries so far
including USA, Turkey, South Korea, France, Germany, United Kingdom

Subject lines seen so far include:

Radical Muslim drinking enemies's blood.
Chinese missile shot down Russian satellite
Chinese missile shot down Russian aircraft
Chinese missile shot down USA aircraft
Chinese missile shot down USA satellite
Russian missile shot down USA aircraft
Russian missile shot down USA satellite
Russian missile shot down Chinese aircraft
Russian missile shot down Chinese satellite
Saddam Hussein safe and sound!
Saddam Hussein alive!

Attached to each email is a file with one of the following
names: Full Clip.exe, Full News.exe, Full Story.exe, Full Text.exe,
Full Video.exe, Read More.exe, or Video.exe.

"Many of these subject lines are referring to today's controversial
news that China shot down one of its own satellites with a
medium-range ballistic missile last week," said Graham Cluley, senior
technology consultant for Sophos. "It's clear that the hackers
behind these attacks are using breaking news stories to tempt
computer users into clicking on the dangerous attachments. But if
you launch the attached program you are putting your PC and your
finances at risk - hackers will break in, steal and cause havoc if
they gain access to your computer."

Sophos's gateway products have been updated to detect the
messages as spam, preventing them from reaching users'

Experts at SophosLabs have also issued protection against the
malware, calling it Troj/Dorf-Fam.

Customers are advised to ensure that they have automatic updates
enabled, and never open unsolicited email attachments, to ensure
the highest level of protection. Businesses are advised to consider
implementing a policy at their email gateway which quarantines
executable attachments sent into their business from the outside

"With most people having left work for the weekend, this latest
wave of attack is more likely to strike hard on consumers' PCs
rather than businesses who at least have until Monday to ensure
their virus defenses are up-to-date," continued Cluley. "The gang
behind this criminal attack may be relying precisely on the fact
that home users tend to be more laid back about updating their

Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at the email gateway to defend against malware,
spyware and spam.