Fraudsters spam out Trojan Horse as China earthquake news story

Following phishing attempts, cybercriminals turn their attentions to infecting computers
IT security and control firm Sophos is reminding computer users around the world of the importance of not clicking on unsolicited emails, no matter how tempting the subject line or content, following the discovery of a Trojan horse being spammed out as a news report about the earthquakes in China.

Sophos experts note that this scam is just the latest in a number of tricks that cybercriminals have been exploiting since the recent disasters in China and Burma, but warn that while many users are aware of phishing emails and therefore will not respond, this attack downloads malicious code onto the user's computer without them even noticing. Hackers can then use this to steal sensitive and confidential information for financial gain and to commit identity theft.

Samples intercepted by SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, show that the Trojan horse (known as Troj/MalDoc-Fam) arrives in a user's inbox as a news report which entices innocent victims to click on the attached word document and read the latest about the tragedy.

A typical spammed email reads as follows:

"BEIJING, May 20 (Xinhua) -- The death toll from the earthquake in southwest China's Sichuan Province has risen to 34,074 nationwide as of 2p.m. Saturday, while 198,347 people were injured, according to the Information Office of the State Council. Pay attention to attachment for more."

However, opening the Word document attached triggers an exploit which silently downloads further malware onto the user's computer.

"Over the last few weeks, we've already seen several examples of cybercriminals trying to exploit the natural disasters suffered by China and Burma, and it seems there's no end to their tactics," said Graham Cluley, senior technology consultant at Sophos. "To avoid falling victim, computer users need to use their common sense and not open emails from people they don't know. By deleting them straight away, you're cutting the fraudsters off before they even have the chance to trick you into giving them money as they pose as victims of the tragedy, or try and install malware on your computer."

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter