27 July 2007
Life isn't beautiful - spammed out screensaver installs rootkits and Trojan horse
Windows users struck by rootkit email attack
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a widespread email spam campaign that poses as a screensaver, but is really designed to install a Trojan horse and rootkits on infected Windows PCs.
The emails, which are being seen in inboxes worldwide, claim that the recipient has been sent a screensaver by a friend and tell the user to open the attachment (called bsaver.zip).

The emails claim to have a screensaver attached.
The emails used in the malicious spam campaign contain phrasing such as "Good morning/evening, man! Realy cool screensaver in your attachment!" and use a variety of subject lines including:
- Life will be better
- Good summer
- help you
Clicking on the file contained inside the ZIP attachment infects users with the Troj/Agent-FZB Trojan horse, which drops two rootkits to try and hide from security software.
"If you receive an unsolicited email with an encouragement to run the 'cool screensaver' attached then alarm bells should instantly be ringing in your head," said Graham Cluley, senior technology consultant at Sophos. "Hackers are using a mixture of social engineering and stealth-mode rootkits to try and take advantage of Windows users who forget to think before they click."
Sophos anti-virus products detect the rootkits used in the malicious spam campaign as Troj/NTRootK-BY and Troj/Agent-FVT. Customers have been defended against the attack since 01:20 GMT on 27 July 2007.
"Rootkits are software frequently used by third parties - usually a hacker - to hide other software and processes using advanced stealth techniques. Malicious code, such as spyware and keyloggers, can be invisibly cloaked from detection by conventional security products or the operating system making them hard to detect," explained Cluley. "Hackers use rootkit technology to maintain access to a compromised computer without the user's knowledge, so it's important to be properly defended from these sort of threats."
Sophos Anti-Rootkit identifies known and unknown rootkits, and is available to download - free of charge - for non-Sophos users, as well as existing customers.
- Read more about the threat on the SophosLabs blog
- Free download of Sophos Anti-Rootkit
- Download a Sophos podcast: "Rootkits: What you need to know"
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution to defend against malware, spyware, hackers and spam.
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

