Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a Trojan horse that has been spammed out to email addresses
disguised as a message from a Finnish anti-virus company.
The Troj/Stinx-U Trojan horse
has been seen attached to email messages pretending to come from
Helsinki-based F-Secure, and can have a subject line chosen from
"Firefox Browsing Problem", "Mozilla Browsing Problem", or "Website
Browsing Problem". The message bodies read as follows:
I noticed whilst browsing your site that there were problems
with some of your links, when I tried again with Internet Explorer
the problems were not there so I assume that they were caused by me
using the Mozilla browser.
As more people are turning to alternative browsers now it
may be of help for you to know this. I have enclosed a screen
capture of the problem so your team can get it fixed if you deem it
If the attached file is executed the Trojan horse will trigger,
disabling anti-virus and other security software and opening a
backdoor through which hackers can gain access to infected
"It's important to stress that the guys at F-Secure have done
nothing wrong. They are just the unfortunate victims of internet
criminals using their name as a diguise in an attempt to spread
malware," said Graham
Cluley, senior technology consultant at Sophos. "Running the
file attached to the email will lower security on the PC, and allow
hackers to gain access to spy, steal and cause havoc."
Last week, Sophos reported that another version of the Stinx
Trojan horse had been distributed
posing as a CCTV picture of a university campus rapist.
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses and spam, as well as apply an email policy that
filters unsolicited executable code at the gateway. Businesses
should also secure their desktop and servers with automatically
Sophos's anti-virus products were updated to protect against the
Troj/Stinx-U Trojan horse at 13:09 GMT on 1 Feburary 2006.