The emails pose as breaking news stories.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a widespread spam campaign that poses as a breaking news report,
but is really an attempt to lure innocent computer users into being
infected by a Trojan horse and attacked by hackers.
The distribution has been so widespread that since midnight GMT
the Trojan has accounted for over two thirds of all malware reports
seen at Sophos's global network of monitoring stations, accounting
for an infection rate of 1 in 200 of all emails being sent across
Subject lines used in the malicious emails include, but may not
be limited to, the following:
230 dead as storm batters Europe.
British Muslims Genocide
Naked teens attack home director.
A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
Attached to the emails are files with names such as
Full Clip.exe, Full Story.exe, Full Video.exe, Read More.exe,
Video.exe which contain malicious
"Whoever is behind this spam campaign has generated an
aggressive storm of email in the last 12 hours, and some inboxes
will be feeling battered by the deluge. On average, 1 in every 200
emails that people have received since midnight are likely to be
infected by this Trojan horse," explained Graham Cluley, senior
technology consultant for Sophos. "Receiving or reading the emails
themselves does not mean that you will be infected. However, users
must be very careful not to click on the attached file inside the
emails as that will install a Trojan horse on their computer and
put your PC in peril."
Sophos experts believe that the hackers have deliberately chosen
a subject line related to storms as European countries have been
hit hard by bad weather this week.
"Bad weather has been making headline news across Europe in the
last couple of days, with a number of accidental deaths caused by
the high winds reported," continued Cluley. "Hackers are
deliberately exploiting public interest in breaking news stories
like this in their attempt to silently infect innocent users'
Sophos products detect the malicious Trojans it has seen so far
as Troj/DwnLdr-FYD and
(also known as Small.DAM) and will intercept future variants
proactively as Mal/EncPk-B using Behavioral Genotype®
Protection. Sophos's anti-spam products also intercept the
emails before they reach users' inboxes.
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at the email gateway to defend against malware,
spyware and spam.