Virus researchers at Sophos have identified a new worm which poses as information on the latest news stories.
Crowt (W32/Crowt-A) takes its subject lines, message content and attachment names from headlines gathered in real-time from the CNN web site. It attempts to send itself by email to addresses found on infected computers.
Crowt-ACrowt-A's subject line and attachment share the same name, but continually change to mirror the front-page headline on the CNN news site. The message text is also lifted from CNN's site, duping the recipient into thinking that they are reading a bonafide newsletter rather than receiving an infected email.
Crowt-A also installs a backdoor function. This attempts to log keystrokes on infected PCs and sends gathered data to a remote user. These backdoors are often used by hackers to gain unauthorised control of PCs and to steal personal information such as bank passwords.
Carole Theriault, Security Consultant at Sophos said,
"Virus writers are always looking for new tricks to entice innocent computer users into running their malicious code; this latest ploy feeds on people's desire for the latest news. Many people subscribe to legitimate email news updates, but the message is simple - businesses need to makes sure their anti-virus detection is constantly updated and users need to be suspicious of all unsolicited email whether it's promising celebrity pictures or news updates."
Although only a small number of instances of the worm have been sighted so far, we recommend you keep your anti-virus software up to date at all times.
|
|
