Sophos: Don’t fall in love with the Storm Trojan horse
January 2008 by Sophos
IT security and control firm Sophos is warning computer users of a widespread email posing as a message of love which attempts to install malicious code on innocent victims’ PCs. The ’romantic’ email campaign is currently accounting for eight percent, or one in every 12 emails seen by Sophos.
The gang behind the latest incarnation of the Dorf Trojan (also known as Storm) have deliberately spammed out the messages across the internet, luring unsuspecting computer users to dangerous websites.
Subject lines used in the attack are many and varied, but all pose as a romantic message. Some of them include "Falling In Love with You", "Special Romance", "You’re In My Thoughts", "Sent with Love", "Our Love Will Last", "Our Love is Strong", "Your Love Has Opened", "You’re the One", "A Toast My Love", and "Heavenly Love".
The body of the email contains a link to an IP-address based website, which is actually one of the many compromised PCs in the Storm botnet. The website displays a large red heart, while installing malware onto the visitor’s PC.
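As an added example (not part of the Sophos release, and not Sophos's own detection logic), the two traits described above, a romantic subject line and a link to a raw IP address, can be checked together at a mail gateway. The function names, sample messages and the 192.0.2.10 address are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Subject lines quoted in the article; the campaign used many more variants.
LURE_SUBJECTS = {
    "falling in love with you", "special romance", "you're in my thoughts",
    "sent with love", "our love will last", "our love is strong",
    "your love has opened", "you're the one", "a toast my love", "heavenly love",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def normalise(subject):
    # Fold typographic apostrophes, case and spacing so "You’re" matches "you're".
    return " ".join(subject.replace("\u2019", "'").lower().split())

def ip_literal_urls(text):
    """Return URLs whose host is a raw IP address rather than a domain name."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,);")  # drop sentence punctuation glued to the link
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:  # host is a name, or the URL is malformed
            continue
        hits.append(url)
    return hits

def assess(raw_message):
    """Check one message for a listed lure subject and an IP-literal link."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = "".join(part.get_content() for part in msg.walk()
                   if part.get_content_maintype() == "text")
    urls = ip_literal_urls(body)
    subject_hit = normalise(msg["Subject"] or "") in LURE_SUBJECTS
    # Either trait alone is weak evidence; both together match the campaign.
    return {"subject_hit": subject_hit, "ip_urls": urls,
            "quarantine": subject_hit and bool(urls)}

# Constructed samples; 192.0.2.10 is a reserved documentation address.
SAMPLE_LURE = "Subject: Sent with Love\nContent-Type: text/plain\n\nFor you: http://192.0.2.10/\n"
SAMPLE_CLEAN = "Subject: Lunch?\nContent-Type: text/plain\n\nMenu: http://example.com/menu\n"

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_CLEAN):
        print(assess(sample))
```

Because the subject lines are "many and varied", the IP-literal link is the more durable of the two signals; the subject list only raises confidence.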
"This heart attack has been spammed out on a huge scale by an organised gang hellbent on stealing access to your PC for criminal purposes. It seems the hackers were too impatient to wait for St Valentine’s Day this year before plucking on heart strings in their attempt to infect the unwary," said Graham Cluley, senior technology consultant. "People will be truly love sick if they let the malicious code run on their PC."
Sophos analysts believe that the code attempts to download further malicious code from the internet, which is designed to take over the PC, convert it into part of a zombie network, and use it to send spam on behalf of hacking gangs.
"Your PC and the data on it is precious, and it needs to be protected. No-one should be blinded by an unexpected romantic message into clicking on links to unknown websites. The best defence is common sense, combined with up-to-date anti-virus software and spam protection at your gateway," continued Cluley.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.