Press Releases

Browse our press release archive

06 May 2005

Trojan poses as "Tony Blair email account hacked!" message, Sophos reports on election night hack attack

Election night fright as hackers attack innocent users' bank accounts

Mouse click
Users are being warned not to click on links claiming that Tony Blair's email account has been hacked.

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have warned computer users to be wary of an email message that has been sent out in the early hours of Friday morning, claiming that British Prime Minister Tony Blair's email account has been hacked. The email message, has been spammed out to British email addresses during the night of the UK elections, which saw Blair's Labour party returned to office for a third term.

Sophos warns that users who click on the link contained in the email can be infected by a series of Trojan horses that aim to steal confidential information from infected PCs, and sensitive online banking account details.

The email arrives with the subject line:

BBC: Tony Blair email account hacked!

and the message body:

BBC: Tony Blair email account hacked!
Screenshot is here!
The email claims that Tony Blair's email account has been hacked
The email claims that Tony Blair's email account has been hacked.

"Clicking on the link takes users to a website which invisibly installs a Trojan horse on the victim's computer. This Trojan horse then attempts to install other malicious code onto the infected computer and install password stealers which can be used by hackers for grabbing sensitive information and bank account details," said Graham Cluley, senior technology consultant for Sophos. "The computer underground knew that many in Britain would be following the latest political news this morning, and have deliberately created a bogus story about Blair's email account being hacked to lure people into clicking on their malicious link. Everyone should exercise extreme care about how they respond to unsolicited emails, and ensure their anti-virus and anti-spam software is kept up-to-date."

One of the Trojan horses, Troj/PWSAgent-A, attempts to steal INETCOMM server passwords, Microsoft Internet Explorer FTP passwords, Outlook account manager passwords, and POP3, HTTP and ISP email addresses. Other malicious code used in the attack includes Troj/JDownL-A, Troj/Viper-A, Troj/Viperjs-A and the Troj/Dumaru-BE banking Trojan horse.

"Curiously it appears that the people behind this election night hack attack may have made a small error. It appears that the email messages were supposed to display a photograph of Tony Blair from the BBC website to lend it credence, but an elementary mistake in their HTML coding has meant only the text of the message is displayed rather than a picture of the Prime Minister," continued Cluley.

Sophos experts have issued anti-virus updates to protect customers. Sophos PureMessage, Sophos's consolidated gateway protection against viruses and spam, already detects the emails as unsolicited spam.

In 2003, a different worm displayed a scathing attack on the policies of Tony Blair's government and attempted to launch a denial-of-service attack against the 10 Downing Street website.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at