Sophos, a world leader in IT security and control, has warned
internet users about the latest disguise being used by malware
authors in their attempt to infect people's PCs: an email claiming
to point to music videos of popstars like Beyonce Knowles, Kelly
Clarkson and Rihanna.
Experts at SophosLabsâ„¢ have
proactively protected customers against the latest wave of
malicious emails which pretend to be links to new music videos of
an assortment of popstars, but are in fact designed to install a
Trojan horse.
Subject lines include the following:
-
awesome new video
-
Cool Video is out
-
dude, check out this video, is not out yet
-
dude this is not even on MTV yet
-
OMG, check out the new video
-
this video rocks
Musical artists referred to in the emails include Beyonce, Kelly
Clarkson, Rihanna, The Eagles, Foo Fighters, R. Kelly, and Velvet
Revolver.
A typical malicious email claiming to point to
a music video of American Idol winner Kelly Clarkson.
Clicking on a link inside the email will send surfers to a
webpage containing a malicious script and a Trojan horse designed
to turn the user's PC into a compromised zombie. If infected,
hackers can use victims' computers to steal personal information,
spam out malware and junk email, or launch distributed denial of
service attacks against innocent parties.
"Earlier this week hackers were pretending that their emails
pointed to a YouTube video, before that they posed as ecards or
breaking news stories. What's clear is that they will keep on
adopting new disguises to try and infect the Windows computers of
innocent internet surfers," said Graham Cluley, senior
technology consultant for Sophos. "Some may find the prospect of
viewing the next Beyonce video irresistible. This is less of a
technological problem, and more of a human problem. It may sound
like a broken record because we say it so often, but people need to
stop clicking on links in unsolicited emails or risk a computer
virus infection."
Sophos products proactively detect the malware used by the
hackers as Troj/JSXor-Gen and
Mal/Dorf-E, without
requiring an update. Users of other vendors' products are
recommended to update their protection and ensure that they are
defended from the threats.
"Sophos's millions of users weren't affected by this latest
attack because our proactive protection intercepts the attempt to
infect PCs without requiring an update," explained Cluley. "The
hackers aren't going to stop trying to break into PCs - so everyone
needs to take security seriously online. We won't be surprised at
all to see this bunch of cybercriminals adopting another online
disguise in the near future."
Last month, Sophos published
research revealing the rise of web-based malware in the first half
of 2007. With computer users becoming increasingly aware of how to
protect against email-aware viruses and malware, hackers have
turned to the web as their preferred vector of attack.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.