Sophos

Talk to our experts

Find your local press contact

Resources

Info feeds

What are info feeds?

25 August 2007

Don't download that YouTube video! New variation of Storm worm drops ecard disguise for online movie masquerade

Sophos, a world leader in IT security and control, has warned internet users about the latest disguise being used by malware authors in their attempt to infect people's PCs: an email claiming to point to a YouTube video.

Experts at SophosLabs™ have proactively protected customers against a wave of malicious emails that pose as links to a YouTube video. The emails, which have a wide variety of subject lines and message texts, all encourage recipients to click on a link to download an online movie.

Subject lines include the following:

A typical malicious email claiming to point to a YouTube video
A typical malicious email claiming to point to a YouTube video.

Clicking on a link inside the email will send surfers to a webpage containing a malicious script and a Trojan horse designed to compromise the user's PC and turn it into a zombie.

Clicking on the links in the email takes computer users to a malicious webpage
Clicking on the links in the email takes computer users to a malicious webpage.

Interestingly, the malware that hackers are using to try and infect innocent computer users is from the same families of malware used in the waves of Storm Trojan that wreaked havoc on the internet earlier this year.

"The gang behind these attacks are amongst the most professional we have ever seen - spewing out new variants of their code with multiple disguises in their attempt to infect as many PCs as possible," said Graham Cluley, senior technology consultant for Sophos. "Clicking on the links in the email doesn't take you to YouTube's real website, but the IP address of a compromised PC. If infected, victims' computers can be used by hackers to steal personal information, spam out malware and junk email, or launch distributed denial of service attacks against innocent parties."

Sophos products proactively detect the malware as Troj/JSXor-Gen and Mal/Dorf-E, without requiring an update. Users of other vendors' products are recommended to update their protection and ensure that they are defended from the threats.

"Sophos's proactive protection meant that our millions of users won't have been infected by this latest attack," explained Cluley. "Sophos recommends that everyone on the internet treats security as a priority when they use the web and email, or risk putting their livelihoods at risk."

Last month, Sophos published research revealing the rise of web-based malware in the first half of 2007. With computer users becoming increasingly aware of how to protect against email-aware viruses and malware, hackers have turned to the web as their preferred vector of attack.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

PDF Read now
Sophos Security Threat Report Q1 2008
  • 15,000 new web pages hacked daily
  • Biggest botnet busted
  • 79% of malware on legitimate sites

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also: