
Thursday, April 12, 2007

New Trojan Horse: WWIII Has Begun/US Bombs Iran

I received this email claiming WWIII has begun. Have you? Why is hacking done? To both spy, knock out sites and it is DEFINITELY a crime.

Time to call my computer wizard neighbor over who has NEVER attended the hackers conference in Las Vegas each year but has been invited annually. If there is ANY chance you were sent this email and opened it, I suggest strongly that you have your computer checked by an expert.

A new spam campaign is trying to trick people into opening malicious attachments by using subject lines about the United States, Israel, and Iran starting a new war in the Middle East.


Hackers are spamming out e-mails with fraudulent news about a war breaking out in the Middle East involving the United States, Iran, and Israel in an attempt to trick people into downloading Trojans.

Daniel Wesemann, a handler at the Internet Storm Center, reported in the site's online daily diary Sunday that the spam is coming with .exe files attached. The hackers are using social engineering to lure people into opening the e-mails with the malicious attachments by using subject lines about war breaking out or the United States bombing Iran.

Subject lines include: "USA Just Have Started World War III"; "Missile Strike: The USA kills more then 20000 Iranian citizens"; "Israel Just Have Started World War III"; and "USA Missile Strike: Iran War just have started."

The actual e-mail body is blank, but the attachments have names like movie.exe, video.exe, clickhere.exe, and readmore.exe.

According to John McDonald, a security response engineer at Symantec, the underlying threat -- Trojan.Packed.13 -- is nothing new.

"They are simply minor variants of Trojan.Peacomm and W32.Mixor [named W32.Mixor.AR@mm in this instance] which have been repacked in an attempt to avoid existing detection, and appear to have been largely successful at that attempt," he wrote on the Symantec blog.

"There is never a good time to let your guard down, even during a festive season when goodwill to others should surely be the overriding theme. The more shocking or unbelievable the subject of e-mails such as these, the more the contents should be treated with the suspicion they usually deserve."

Using scare headlines to con users into opening a malicious attachment or clicking on a link that goes to a malicious Web site is nothing new.

Just last week, hackers were trying to con people into going to a Web site that would surreptitiously infect their computers with a .ANI exploit by promising them pictures of a naked Britney Spears.

Sophos reported in an advisory that the malicious site contains the Iffy-A Trojan that points to another piece of malware, which contains the zero-day .ANI exploit -- Animoo-L.

SOURCE

Interestingly, I found the article above under "news from the Middle East" and conversely, recently an article ran stating that Israel has the highest rate of internet hackers in the world. (From Sabbah's Blog)


Definition of "Trojan Horse" Source

In the context of computer software, a Trojan horse is a program that, unlike a virus, contains or installs a malicious program (sometimes called the payload or 'trojan'). The term is derived from the classical myth of the Trojan Horse. Trojan horses may appear to be useful or interesting programs (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. (See Social engineering.)

Often the term is shortened to simply trojan, even though this turns the adjective into a noun.

There are two common types of Trojan horses. One is otherwise useful software that has been corrupted by a hacker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

Precautions against Trojan horses

Trojan horses can be protected against through end-user awareness, namely to treat them like a virus. Viruses can cause a great deal of damage to a personal computer but even more damage to a business, particularly a small business that usually does not have the same virus protection capabilities as a large business. Since a Trojan Horse virus payload is hidden, it is harder to protect yourself or your company from it, but there are things that you can do.

Trojan Horses are most commonly spread through e-mail, much like other types of common viruses. The only difference, of course, is that a Trojan Horse payload is hidden. The best ways to protect yourself and your company from Trojan Horses are as follows:

  1. If you receive e-mail from someone that you do not know or you receive an unknown attachment, never open it right away. As an e-mail user, you should confirm the source. Some hackers have the ability to steal address books, so if you see e-mail from someone you know, it is not necessarily safe.
  2. When setting up your e-mail client, make sure that you have the settings so that attachments do not open automatically. Some e-mail clients come ready with an anti-virus program that scans any attachments before they are opened. If your client does not come with this, it would be best to purchase one or download one for free.
  3. Make sure your computer has an anti-virus program on it and update it regularly. If you have an auto-update option included in your anti-virus program you should turn it on; that way if you forget to update your software you can still be protected from threats.
  4. Operating systems offer patches to protect their users from certain threats. Software developers like Microsoft offer patches that in a sense "close the hole" that the Trojan horse or other virus would use to get through to your system. If you keep your system updated with these patches, your computer is kept much safer. However, it should be noted that ill-designed patches can sometimes put computers more at risk as they may open new "holes".
  5. Avoid using peer-to-peer or P2P sharing networks like Kazaa, Limewire, Ares, or Gnutella because they are generally unprotected from viruses and Trojan Horse viruses spread through them especially easily. Some of these programs do offer some virus protection, but this is often not strong enough. If you insist on using P2P, it would be safe to not download files that claim to be "rare" songs, books, movies, pictures, etc.

Besides these sensible precautions, one can also install anti-trojan software, some of which is offered free.
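To make precaution 2 concrete for the campaign described in the article (blank body, attachments such as video.exe), here is an added example, not part of the quoted article or the definition text, of a mail-side check that flags executable attachments before anyone opens them. The extension list, the "MZ" header check, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions Windows runs directly.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def build_message(subject="USA Just Have Started World War III", body="\n",
                  filename="video.exe", payload=b"MZ" + b"\x00" * 62) -> bytes:
    """Constructed sample; the defaults mirror the campaign's shape, not a real capture."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Report executable attachments by name and by content, plus a blank body."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    findings = {"blank_body": not text.strip(),
                "executable_attachments": [], "mz_header": []}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXTENSIONS):
            findings["executable_attachments"].append(name)
        # Windows executables start with "MZ"; this also catches renamed files.
        if data[:2] == b"MZ":
            findings["mz_header"].append(name)
    findings["quarantine"] = bool(findings["executable_attachments"]
                                  or findings["mz_header"])
    return findings


if __name__ == "__main__":
    print(triage(build_message()))
```

The decision to quarantine rests on the attachment, not on the subject line, so it does not depend on keeping up with whatever headline the next spam run uses.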
