In this section

• Home
• Press office
• News archive
• Articles
• 2006
• 02

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

1 February 2006

Spammed Trojan horse pretends to come from anti-virus company

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out to email addresses disguised as a message from a Finnish anti-virus company.

The Troj/Stinx-U Trojan horse has been seen attached to email messages pretending to come from Helsinki-based F-Secure, and can have a subject line chosen from "Firefox Browsing Problem", "Mozilla Browsing Problem", or "Website Browsing Problem". The message bodies read as follows:

Hello,

I noticed whilst browsing your site that there were problems with some of your links, when I tried again with Internet Explorer the problems were not there so I assume that they were caused by me using the Mozilla browser.

As more people are turning to alternative browsers now it may be of help for you to know this. I have enclosed a screen capture of the problem so your team can get it fixed if you deem it an issue.

Kind regards,

David Adams
Dept. Research
F-Secure Development

If the attached file is executed the Trojan horse will trigger, disabling anti-virus and other security software and opening a backdoor through which hackers can gain access to infected systems.

"It's important to stress that the guys at F-Secure have done nothing wrong. They are just the unfortunate victims of internet criminals using their name as a diguise in an attempt to spread malware," said Graham Cluley, senior technology consultant at Sophos. "Running the file attached to the email will lower security on the PC, and allow hackers to gain access to spy, steal and cause havoc."

Last week, Sophos reported that another version of the Stinx Trojan horse had been distributed posing as a CCTV picture of a university campus rapist.

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses and spam, as well as apply an email policy that filters unsolicited executable code at the gateway. Businesses should also secure their desktop and servers with automatically updated protection.

Sophos's anti-virus products were updated to protect against the Troj/Stinx-U Trojan horse at 13:09 GMT on 1 Feburary 2006.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also:

• Spammed Trojan horse poses as CCTV picture of campus rapist
• RSS security news and live virus information feeds
• Sign up now for free notification of new viruses found in the wild