Sophos: Hackers claim to have kidnapped babies in attempt to infect PCs
August 2008 by Marc Jacob
IT security and control firm Sophos is warning computer users of a widespread spam campaign which pretends that the recipient’s baby has been kidnapped in a bid to infect users’ computers with malware.
The campaign tries to trick innocent computer users into opening a file claiming to be photographs of the infant, but instead it contains a malicious Trojan horse – known as Troj/Resex-Fam – that downloads further malware from the internet to compromise PCs and steal information.
The malicious emails carry the subject line ‘We have hijacked your baby’ and claim that a USD 50,000 reward must be paid for the child’s safe return.
"Receiving or reading these widespread emails themselves does not mean you are infected, but if users open the attachment they will be infecting their Windows computer, and giving hackers an open door to take control and steal information,” said Graham Cluley, senior technology consultant for Sophos. “Once a PC is commandeered, criminals can spy, steal or launch attacks against other parts of the net."
Sophos believes that the disguise proves hackers will stoop to any depths in order to reap financial rewards.
"There’s no other way of putting it - this attack is sick. Hackers have no qualms about exploiting a family’s natural instinct to defend its most vulnerable members. Hopefully people will pause before opening the attachment, but the reflex action of some may be to click first and think later," continued Cluley. "Everyone should ensure they have defences in place to properly protect against the very latest malware attacks."