27 June 2006

"You had me at hello": Word attack spammed out as malicious email attachment

Kukudro Trojan horse downloads further malicious code from the internet

The Kukudro Trojan horse arrives as an email attachment

Updated 28 June 2006 to include latest prevalence statistics.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out in large quantities to email users around the world.

The WM97/Kukudro-A Trojan horse has been spammed out in email messages, which can have a variety of subject lines including "worth to see", "prices", "Hi", and "Hello", and accounts for over 35% of all malware reported at Sophos's global network of monitoring stations in the last 24 hours.

The body of the message reads as follows:

Hello <name>

--
Regards, <name> <email address>

where <name> and <email address> vary from message to message. Attached to the email is a zip file (variously called prices.zip, apple_prices.zip or sony_prices.zip) containing a malicious Microsoft Word document entitled my_Notebook.doc.

The Word document contains information about Apple, HP and Sony laptop computers for sale, but secretly attempts to install another Trojan horse, called W32/Kuku-A, onto the user's hard drive.

"People may be curious as to why they have been sent the email and open the attached file, but doing so would be a big mistake," said Graham Cluley, senior technology consultant at Sophos. "This malware is being aggressively spammed out in an attempt to break into innocent users' Windows computers. The Trojan horse will try and download further code from the internet which could allow hackers to gain access to the computer in order to spy, steal and cause havoc."

The Word document secretly installs a Trojan horse onto the PC

Sophos has been protecting against the WM97/Kukudro-A and Troj/Kuku-A malware since 14:30 GMT on 27 June 2006.

Sophos recommends that all computer users ensure they are running an anti-virus product that is configured to update itself automatically, along with security patches and firewall software.

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as apply an email policy that filters unsolicited executable code at the gateway. Businesses should also secure their desktops and servers with automatically updated protection.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com