Security news
Security news12 July 2006
Vladimir Putin death spam helps spread Trojan horse Hackers try to infect users while attempting a "joe job" to discredit Russian heating firm
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a spam campaign that poses as a breaking news report about the death of Russian President Vladimir Putin, but is really an attempt by hackers to infect computer users with a Trojan horse.
The email claims that Vladimir Putin, president of the Russian Federation, has died.
However, embedded in the HTML email is a hidden script that exploits the ADODB.Stream vulnerability to secretly download the malicious Troj/Dloadr-ZP Trojan horse from a Russian website. The Trojan horse is designed to download further malicious code which could allow remote hackers to gain unauthorized access to the victim's computer.
Although the link pretends to be that of a BBC News report, the user is really directed to another Russian website purporting to be the home of a construction firm focused on providing heating systems for apartments and advertising training seminars.
"It appears whoever sent this spam is trying to discredit the Russian firm in what we call a 'joe job'. Users may think that the spam was purely an attempt to drive traffic to the construction company's products and seminars, whereas in fact hackers are also using the opportunity to try and infect unprotected PCs," explained Graham Cluley, senior technology consultant for Sophos. "Everyone should protect their computers with security patches, up-to-date anti-virus software, firewalls and a solid defense against spam. Hackers have used bogus stories about breaking news stories in the past to encourage people to open emails, and they're likely to do so again."
Sophos's anti-malware products were automatically updated to protect against the Troj/Dloadr-ZP Trojan horse at 05:22 GMT on 12 July 2006.
"Normally, a joe job is a spam campaign forged to appear as though it came from an innocent party, with the intention of incriminating or pinning blame onto them," continued Cluley. "In this case, users wanting to read the news report may think that the emails came from the Russian website they are directed to selling seminars and heating systems. In truth, the spam emails came from a zombie network of compromised computers around the world, being exploited by the hackers. If users aren't careful they could find their PCs part of the zombie network as well."
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against viruses and spam.
Download now
- SQL injection attacks are the biggest threat
- 90% of malware on legitimate sites
- Hackers exploit Web 2.0
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
