Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned
that the hackers behind the widespread "Storm Trojan" which was
spammed widely across the internet on Friday 19 June have now
renewed their activities using a new piece of malware,
Troj/Dorf-Fam.
Sophos began to see evidence via its global network of spamtraps
at 21:52 GMT of the new malware distribution. These latest spam
messages, which have a malicious email attachment, have been
sighted being sent from computers in 80 different countries so far
including USA, Turkey, South Korea, France, Germany, United Kingdom
and Brazil.
Subject lines seen so far include:
- Radical Muslim drinking enemies's blood.
- Chinese missile shot down Russian satellite
- Chinese missile shot down Russian aircraft
- Chinese missile shot down USA aircraft
- Chinese missile shot down USA satellite
- Russian missile shot down USA aircraft
- Russian missile shot down USA satellite
- Russian missile shot down Chinese aircraft
- Russian missile shot down Chinese satellite
- Saddam Hussein safe and sound!
- Saddam Hussein alive!
Attached to each email is a file with one of the following
names: Full Clip.exe, Full News.exe, Full Story.exe, Full Text.exe,
Full Video.exe, Read More.exe, or Video.exe.
"Many of these subject lines are referring to today's controversial
news that China shot down one of its own satellites with a
medium-range ballistic missile last week," said Graham Cluley, senior
technology consultant for Sophos. "It's clear that the hackers
behind these attacks are using breaking news stories to tempt
computer users into clicking on the dangerous attachments. But if
you launch the attached program you are putting your PC and your
finances at risk - hackers will break in, steal and cause havoc if
they gain access to your computer."
Sophos's gateway products have been updated to detect the
messages as spam, preventing them from reaching users'
desktops.
Experts at SophosLabs have also issued protection against the
malware, calling it Troj/Dorf-Fam.
Customers are advised to ensure that they have automatic updates
enabled, and never open unsolicited email attachments, to ensure
the highest level of protection. Businesses are advised to consider
implementing a policy at their email gateway which quarantines
executable attachments sent into their business from the outside
world.
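
An added example (not part of the original release and not Sophos's own code) of the gateway policy recommended above: it parses an inbound message and returns a quarantine verdict when any attachment has an executable extension or begins with the Windows `MZ` executable header, which also catches a renamed file. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list for this example; a real gateway would maintain its own.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def executable_attachments(raw_message: bytes) -> list:
    """Return the filenames of attachments that look like executables."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        if not name and part.get_content_disposition() != "attachment":
            continue  # ordinary inline body text, not an attachment
        # Windows ignores trailing dots and spaces, so "Video.exe." still runs.
        ext = os.path.splitext(name.rstrip(". ").lower())[1]
        payload = part.get_payload(decode=True) or b""
        # Check the content as well as the name: PE files start with "MZ".
        if ext in EXECUTABLE_EXTENSIONS or payload[:2] == b"MZ":
            hits.append(name or "<unnamed>")
    return hits


def gateway_verdict(raw_message: bytes) -> tuple:
    """Quarantine any inbound message carrying an executable attachment."""
    hits = executable_attachments(raw_message)
    return ("quarantine", hits) if hits else ("deliver", [])


def build_sample(filename: str, data: bytes) -> bytes:
    """Construct a sample inbound message (test data, not a captured email)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, data in [("Full Story.exe", b"MZ\x90\x00"),
                        ("notes.txt", b"MZ\x90\x00"),
                        ("notes.txt", b"plain text")]:
        print(fname, gateway_verdict(build_sample(fname, data)))
```
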
"With most people having left work for the weekend, this latest
wave of attack is more likely to strike hard on consumers' PCs
rather than businesses who at least have until Monday to ensure
their virus defenses are up-to-date," continued Cluley. "The gang
behind this criminal attack may be relying precisely on the fact
that home users tend to be more laid back about updating their
anti-virus protection."
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at the email gateway to defend against malware,
spyware and spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.