Sophos, a world leader in IT security and control, has warned
internet users about the latest disguise being used by malware
authors in their attempt to infect people's PCs: an email claiming
to point to a YouTube video.
Experts at SophosLabsâ„¢ have
proactively protected customers against a wave of malicious emails
that pose as links to a YouTube video. The emails, which have a
wide variety of subject lines and message texts, all encourage
recipients to click on a link to download an online movie.
Subject lines include the following:
-
Dude your gonna get caught, lol
-
LOL, dude what are you doing
-
Dude, what if your wife finds this?
-
Dude dont send that stuff to my home email
-
LOL, that is too cool.....
A typical malicious email claiming to point to
a YouTube video.
Clicking on a link inside the email will send surfers to a
webpage containing a malicious script and a Trojan horse designed
to compromise the user's PC and turn it into a zombie.
Clicking on the links in the email takes
computer users to a malicious webpage.
Interestingly, the malware that hackers are using to try and
infect innocent computer users is from the same families of malware
used in the waves of Storm
Trojan that wreaked havoc on the internet earlier this
year.
"The gang behind these attacks are amongst the most professional
we have ever seen - spewing out new variants of their code with
multiple disguises in their attempt to infect as many PCs as
possible," said Graham
Cluley, senior technology consultant for Sophos. "Clicking on
the links in the email doesn't take you to YouTube's real website,
but the IP address of a compromised PC. If infected, victims'
computers can be used by hackers to steal personal information,
spam out malware and junk email, or launch distributed denial of
service attacks against innocent parties."
Sophos products proactively detect the malware as Troj/JSXor-Gen and
Mal/Dorf-E, without
requiring an update. Users of other vendors' products are
recommended to update their protection and ensure that they are
defended from the threats.
"Sophos's proactive protection meant that our millions of users
won't have been infected by this latest attack," explained Cluley.
"Sophos recommends that everyone on the internet treats security as
a priority when they use the web and email, or risk putting their
livelihoods at risk."
Last month, Sophos published
research revealing the rise of web-based malware in the first half
of 2007. With computer users becoming increasingly aware of how to
protect against email-aware viruses and malware, hackers have
turned to the web as their preferred vector of attack.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.