Security news
Security news30 August 2007
Beyonce, Rihanna, Kelly Clarkson video emails spread ecard Trojan horse Sophos proactively defends against latest attempt to hack into PCs
Sophos, a world leader in IT security and control, has warned internet users about the latest disguise being used by malware authors in their attempt to infect people's PCs: an email claiming to point to music videos of popstars like Beyonce Knowles, Kelly Clarkson and Rihanna.
Experts at SophosLabs™ have proactively protected customers against the latest wave of malicious emails which pretend to be links to new music videos of an assortment of popstars, but are in fact designed to install a Trojan horse.
Subject lines include the following:
- awesome new video
- Cool Video is out
- dude, check out this video, is not out yet
- dude this is not even on MTV yet
- OMG, check out the new video
- this video rocks
Musical artists referred to in the emails include Beyonce, Kelly Clarkson, Rihanna, The Eagles, Foo Fighters, R. Kelly, and Velvet Revolver.
A typical malicious email claiming to point to a music video of American Idol winner Kelly Clarkson.
Clicking on a link inside the email will send surfers to a webpage containing a malicious script and a Trojan horse designed to turn the user's PC into a compromised zombie. If infected, hackers can use victims' computers to steal personal information, spam out malware and junk email, or launch distributed denial of service attacks against innocent parties.
"Earlier this week hackers were pretending that their emails pointed to a YouTube video, before that they posed as ecards or breaking news stories. What's clear is that they will keep on adopting new disguises to try and infect the Windows computers of innocent internet surfers," said Graham Cluley, senior technology consultant for Sophos. "Some may find the prospect of viewing the next Beyonce video irresistible. This is less of a technological problem, and more of a human problem. It may sound like a broken record because we say it so often, but people need to stop clicking on links in unsolicited emails or risk a computer virus infection."
Sophos products proactively detect the malware used by the hackers as Troj/JSXor-Gen and Mal/Dorf-E, without requiring an update. Users of other vendors' products are recommended to update their protection and ensure that they are defended from the threats.
"Sophos's millions of users weren't affected by this latest attack because our proactive protection intercepts the attempt to infect PCs without requiring an update," explained Cluley. "The hackers aren't going to stop trying to break into PCs - so everyone needs to take security seriously online. We won't be surprised at all to see this bunch of cybercriminals adopting another online disguise in the near future."
Last month, Sophos published research revealing the rise of web-based malware in the first half of 2007. With computer users becoming increasingly aware of how to protect against email-aware viruses and malware, hackers have turned to the web as their preferred vector of attack.
- Download "Sophos Security Threat Report July 2007"
- Download a podcast on the Sophos Security Threat Report July 2007 now
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
Do you know how many employees are running virtualisation software on their PCs?
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
