Gurning picture acts as diversion for malicious hack attack
Virus experts at Sophos have reported that a new worm demonstrates the ancient British art of gurning, the tradition of pulling a funny or scary face, as it infects computers.
The Wurmark-F worm spreads via email, pretending to be from addresses such as easy_lay666@lovenet.com, sexy_guy88@aol.com and sexy_lil_thing@no-ip.com. Emails can have a variety of characteristics including:
Subject: Hhahahah lol!!!! Message body: i found this on my computer from ages ago download it and see if you can remember it lol i was lauging like mad when i saw it! :D email me back haha...
Subject: Rate My Pic....... Message body: Hi ive sent 5 emails now and nobody will rate my pic!! :( please download and tell me what you think out of 10 , dont worry if you dont like it just say i wont be offended p.s i was drunk when it was taken :P
If recipients open the attached ZIP file and launch the files contained inside (which can have names such as Sexy_09.jpg.scr, Photo_01.jpg.scr, is_this_you.jpg.scr and love_04.jpg.scr) then they will be infected by the worm and a graphic of an elderly man gurning is displayed:
As the image is being displayed, the Wurmark-F worm installs the W32/Rbot-US network worm and backdoor Trojan horse. This malicious worm allows hackers to take remote control of infected computers, allowing them to capture keystrokes and grab screenshots (allowing opportunities for identity fraud) and even capture webcam footage of the unsuspecting user.
The image displayed by the Wurmark-F worm is available at: http://www.sophos.com/images/common/misc/wurmarke.jpg
"At first glance some may think this worm is harmless, and be amused by its graphical payload, but it has the sinister intention of handing over control of your PC to remote hackers," said Graham Cluley, senior technology consultant for Sophos. "Unless computer users properly defend themselves with up-to-date anti-virus software, firewalls and security patches then they run the risk of having their PC exploited and their bank accounts emptied."
Sophos experts believe that the W32/Wurmark-F and W32/Rbot-US worms are evidence of a growing trend of more and more malware spying on innocent home computer owners and poorly-protected businesses.
"The simple fact is that organised criminals are more involved in virus-writing than ever before, and being more aggressive in their attempts to find new computers to infect and control," continued Cluley. "If you attach a new, unpatched computer to the internet, unprotected by proper firewalls and up-to-date anti-virus software, then it can easily be under the control of hackers within 10 minutes."
Sophos recommends companies protect their email gateways with a consolidated solution to defend against viruses and spam. Businesses should also secure their desktop and servers with automatically updated protection.
ends
http://www.sophos.com.au
FOR FURTHER INFORMATION: Sophos's press contact at Gotley Nix Evans is: Michael Henderson (sophos@gne.com.au) +61 2 9957 5555 (tel) +61 413 054 738 (mobile) +61 2 9957 5575 (fax)
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Business Processes and Customers - Difficult Domains to Integrate
Multiple suppliers - a common culture
State of Internet Security
Data Center Eco-Nomics
Wireless LANs: Is My Enterprise At Risk?
5 steps to getting started with data loss prevention
Data Centre Assessments: The First Step to Optimisation
Secure Remote Access
Zones provide focussed content from Computerworld and leading technology partners.
Comments
Post new comment