Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a widespread email spam campaign that poses as a screensaver, but
is really designed to install Trojan horses and rootkits on
infected Windows PCs.
The emails, which are being seen in inboxes worldwide, claim
that the recipient has been sent a screensaver by a friend and
tell the user to open the attachment (called bsaver.zip).
The emails claim to have a screensaver
attached.
The emails used in the malicious spam campaign contain phrasing
such as "Good morning/evening, man! Realy cool screensaver in your
attachment!" and use a variety of subject lines including:
Life is beautiful
Life will be better
Good summer
help you
Clicking on the file contained inside the ZIP attachment infects
users with the Troj/Agent-FZB Trojan
horse, which drops two rootkits to try and hide from security
software.
"If you receive an unsolicited email with an encouragement to
run the 'cool screensaver' attached then alarm bells should
instantly be ringing in your head," said Graham Cluley, senior
technology consultant at Sophos. "Hackers are using a mixture of
social engineering and stealth-mode rootkits to try and take
advantage of Windows users who forget to think before they
click."
Sophos anti-virus products detect the rootkits used in the
malicious spam campaign as Troj/NTRootK-BY and
Troj/Agent-FVT.
Customers have been defended against the attack since 01:20 GMT on
27 July 2007.
"Rootkits are software frequently used by third parties -
usually a hacker - to hide other software and processes using
advanced stealth techniques. Malicious code, such as spyware and
keyloggers, can be invisibly cloaked from detection by conventional
security products or the operating system making them hard to
detect," explained Cluley. "Hackers use rootkit technology to
maintain access to a compromised computer without the user's
knowledge, so it's important to be properly defended from these
sort of threats."
Sophos Anti-Rootkit identifies known and unknown rootkits, and
is available to
download - free of charge - for non-Sophos users, as well as
existing customers.
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution to defend against malware, spyware, hackers and
spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.