Security news16 August 2006
Bogus BBC news report says Berlusconi dead, spreads Trojan horse
The zip file attached to the email contains a picture of Berlusconi as well as a Trojan horse.
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out to email addresses disguised as a breaking news report that Silvio Berlusconi has been killed by an Israeli soldier.
The Troj/Dloadr-ALM Trojan horse has been spammed out in email messages claiming to come from bbc.italy2006@bbc.com, which can have a variety of subject lines including "Berlusconi la morte", "Berlusconi di terrorismo", "Berlusconi Tragedia", and "Berlusconi di omicidio". A typical email reads as follows:
Latest BBC News: Berlusconi was killed by Israeli soldier, Lyvian terrorist.
''Fare politica significa realizzare cose concrete''
"Ho scelto di scendere in campo e di occuparmi della cosa pubblica perch? non voglio vivere in un Paese illiberale, governato da forze immature e da uomini legati a doppio filo a un passato politicamente ed economicamente fallimentare. Mai come in questo momento l'Italia ha bisogno di persone con la testa sulle spalle e di esperienza consolidata, creative ed innovative, capaci di darle una mano, di far funzionare lo Stato ".
Silvio Berlusconi, "Per il mio Paese"
SOPPORTATO: 26 gennaio 1954 MORTO: 22 gennaio 2006
Attached to the email is a file called necfotos.zip, which contains an image of Berlusconi (silvio01.gif) and a malicious PIF file (silvio02.pif).
"The news report is - of course - false, and launching the PIF file will not show you a picture of Signor Berlusconi, but instead execute malicious code on your Windows PC," said Graham Cluley, senior technology consultant at Sophos. "Hackers are exploiting the public's interest in politics, current events and breaking news to spread malware. Anyone unfortunate enough to run this program is running the risk of allowing hackers to gain access to their computer to spy, steal and cause havoc."
Sophos recommends that all computer users should ensure that they are running an anti-virus product which is configured to automatically update itself, security patches and firewall software.
"This latest attack appears to be currently targeted towards Italian computer users, but it could spread its wings using other disguises in the future. Businesses have to learn that keeping anti-virus software up-to-date is essential," continued Cluley. "Regular anti-malware updates combined with sensible safe computing policies and strong email policy at the gateway reduces the risk of threats like this to a minimum."
Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as apply an email policy that filters unsolicited executable code at the gateway. Businesses should also secure their desktop and servers with automatically updated protection.
Sophos's anti-virus products were automatically updated to protect against the Troj/Dloadr-ALM Trojan horse at 12:09 GMT on 16 August 2006.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
