Keith Moon
July 11th, 2005, 11:54 PM
Virus writer exploits London bomb blasts
By Will Sturgeon, Special to ZDNet (edit@zdnet.com.au)
11 July 2005
Link:
http://zdnet.com.au/news/security/0,2000061744,39201838,00.htm
A virus has been spotted in the wild which attempts to exploit concerns surrounding the bomb blasts that rocked London last Thursday and left at least 50 people dead. An e-mail purporting to offer a link to amateur video footage of the events on the London Underground in the aftermath of the bomb blast will install a Trojan on users' machines if they click on the attachment.
According to UK e-mail security firm MessageLabs the e-mail appears as a mocked-up html newsletter from CNN with the subject line 'TERROR HITS LONDON'.
The sender's e-mail address appears as breakingnews@CNNonline.com. Although that address could easily have been spoofed, the domain is not an official CNN domain and is registered to a firm in Florida.
The e-mail asks recipients to 'See attachments for unique amateur video shots'.
The file name, 'London Terror Moovie.avi' appears a valid film clip bar the typo in 'movie', however after 124 character spaces there is the real .exe file name, though even this has been disguised as 'Checked By Norton Antivirus.exe'.
When executed the attachment copies itself to /Windir/winlog.exe and modifies the Windows registry key HKLM/Software/microsoft/Windows/CurrentVersion/Run so that it runs automatically on start-up, according to MessageLabs.
The Trojan then uses the compromised PC and the SMTP servers which it is configured to use to send out large volumes of spam e-mail.
This is the latest instance of social engineering as virus writers prey upon topical and occasionally disturbing incidents to make their attachments appeal to curious minds.
The Asian tsunami, the war in Iraq and also the 9/11 attacks on New York saw similar social engineering attempts.
- ...and this time, it's not an old, outdated virus. :noid:
By Will Sturgeon, Special to ZDNet (edit@zdnet.com.au)
11 July 2005
Link:
http://zdnet.com.au/news/security/0,2000061744,39201838,00.htm
A virus has been spotted in the wild which attempts to exploit concerns surrounding the bomb blasts that rocked London last Thursday and left at least 50 people dead. An e-mail purporting to offer a link to amateur video footage of the events on the London Underground in the aftermath of the bomb blast will install a Trojan on users' machines if they click on the attachment.
According to UK e-mail security firm MessageLabs the e-mail appears as a mocked-up html newsletter from CNN with the subject line 'TERROR HITS LONDON'.
The sender's e-mail address appears as breakingnews@CNNonline.com. Although that address could easily have been spoofed, the domain is not an official CNN domain and is registered to a firm in Florida.
The e-mail asks recipients to 'See attachments for unique amateur video shots'.
The file name, 'London Terror Moovie.avi' appears a valid film clip bar the typo in 'movie', however after 124 character spaces there is the real .exe file name, though even this has been disguised as 'Checked By Norton Antivirus.exe'.
When executed the attachment copies itself to /Windir/winlog.exe and modifies the Windows registry key HKLM/Software/microsoft/Windows/CurrentVersion/Run so that it runs automatically on start-up, according to MessageLabs.
The Trojan then uses the compromised PC and the SMTP servers which it is configured to use to send out large volumes of spam e-mail.
This is the latest instance of social engineering as virus writers prey upon topical and occasionally disturbing incidents to make their attachments appeal to curious minds.
The Asian tsunami, the war in Iraq and also the 9/11 attacks on New York saw similar social engineering attempts.
- ...and this time, it's not an old, outdated virus. :noid: