Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a widespread email spam campaign that poses as a video of American
Independence Day fireworks, but is really attempt to lure innocent
computer users into having their computers hacked. The attack is
the latest from the gang behind the Dorf malware, also known as the
Storm worm.
Users attempting to watch the fireworks video
will instead be infected by malicious code.
Subject lines used in emails sent by the hackers include:
Amazing Independence Day
salute
Amazing firework 2008
America for You and Me
America the Beautiful
Celebrate Independence
Celebrate with Pride
Celebrating Fourth of July
Celebrations have already begun
Fabulous Independence Day firework
God bless America
Happy Fourth of July
Happy Independence Day
Independence Day firework broke all records
Light up the sky
Proud to be an American
Sparkling Celebration of Independence Day
Spectacular fireworks show
Super 4th!
The best of 4th of July Salute
Inside each email is a simple phrase such as "Amazing
Independence Day salute" or "The best firework you've ever seen",
followed by an IP address. Visiting the IP address takes the
unsuspecting user to a malicious webpage, which disguises itself as
a video player showing a firework display, with the following
message:
Colorful Independence Day events have
already started throughout the country. The largest firework
happens on the last weekday before the Fourth of July.
Unprecedented sum of money was spent on this fabulous show. If you
want to see the best Independence Day firework just click on the
video and run it.
However, clicking on the 'video' prompts the computer to attempt
to download a file called 'fireworks.exe' onto Windows PCs, which
Sophos proactively intercepts as the Troj/Dorf-BP
Trojan horse.
"Everyone loves fireworks, but you're not going to be feeling in
the mood for celebrations if this malware infects your Windows PC,
turning it into a part of a botnet for criminals to commit identity
theft and launch spam and malware campaigns," said Graham Cluley, senior
technology consultant at Sophos. "Americans are not the only ones
at risk as they open their email this morning - people around the
world with US-based friends may be tempted to follow the link and
watch the video. Many Americans may be taking the day off today to
celebrate their country's independence, and return to work on
Monday morning not realising what may be waiting for them in their
inbox."
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution to defend against malware, spyware, hackers and
spam.
"The gang behind the Dorf family of attacks, also known as the
Storm worm, have targeted other holidays in the past - Christmas,
St
Valentine's Day, Halloween..
the list goes on," continued Cluley. "The reason that they do this
is very simple - it works. People fall for tricks like this all the
time. Companies and individuals need to protect themselves with
up-to-date anti-virus protection and learn not to be caught out by
this kind of simple confidence trick again."
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.