Malware attack targets 4 July celebrants
IT security firm Sophos is warning about an email spam campaign that poses as a video of American Independence Day fireworks, but is really an attempt to lure unwitting victims into having their computers hacked. The attack is the latest from the gang behind the Dorf malware, also known as the Storm worm.
Subject lines used in the emails sent by the hackers include:
- Amazing Independence Day salute
- America the Beautiful
- Celebrating Fourth of July
- Fabulous Independence Day firework
- God bless America
- Happy Fourth of July
Samples intercepted by Sophos show that inside each email is a simple phrase such as "Amazing Independence Day salute" or "The best firework you’ve ever seen", followed by a Web link. Visiting the IP address takes the unsuspecting user to a malicious webpage, which disguises itself as a video player showing a firework display, with the following message:
"Colourful Independence Day events have already started throughout the country. The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it."
Sophos senior technology consultant Graham Cluley explains: “Clicking on the 'video' prompts the computer to attempt to download a file called 'fireworks.exe' onto Windows PCs, which Sophos proactively intercepts as the Troj/Dorf-BP Trojan horse.
"The gang behind the Dorf family of attacks, also known as the Storm worm, has targeted other holidays in the past – Christmas, St Valentine's Day, Halloween... the list goes on.”
Further information: www.sophos.com/security/blog/2008/07/1550.html.
‘Spam spotters: man versus computer’ – see E&T magazine, Issue 13, published on 21 July 2008.