Posted by: Security l33t
« on: 31. July 2007., 18:10:46 »
Life isn't beautiful -- Spammed Screensaver Installs Rootkits and Trojan
IT security and control firm Sophos is warning of a widespread email spam campaign that poses as a screensaver, but is actually designed to install rootkits and a Trojan horse on infected Windows PCs.
The emails, which are being sent to inboxes worldwide, claim that the user has received a screensaver from a friend and tell them to open the attachment (called bsaver.zip). Sample phrases from the malicious spam campaign include 'Good morning/evening, man! Realy cool screensaver in your attachment!', while the emails have subject lines such as:
'Life is beautiful'
'Life will be better'
'Good summer'
'help you'
According to Sophos, clicking on the file contained inside the ZIP attachment infects users with the Agent-FZB Trojan horse, which drops two rootkits in order to try and hide from security software.
"If you receive an unsolicited email encouraging you to run the 'cool screensaver' attached then alarm bells should instantly start ringing in your head," said Graham Cluley, senior technology consultant at Sophos. "Hackers are using a mixture of social engineering and stealth-mode rootkits to try and take advantage of Windows users who forget to think before they click."
Sophos already detects the rootkits used in the malicious spam campaign as NTRootK-BY and Agent-FVT. Customers have been defended against the attack since 01:20 GMT on 27 July 2007. Sophos Anti-Rootkit identifies known and unknown rootkits, and is available to download - free of charge - for non-Sophos users, as well as existing customers.
"Rootkits are frequently deployed by third parties - usually hackers - to hide other software and processes using advanced stealth techniques. Malicious code, such as spyware and keyloggers, can be invisibly cloaked from detection by conventional security products or the operating system, making them much harder to detect," explained Cluley. "Hackers use rootkit technology to maintain access to a compromised computer without the user's knowledge, so it's important to be properly defended against this sort of threat."
More information and an image of the email are available from:
http://www.sophos.com/pressoffice/news/articles/2007/07/bsaver.html
A free download of Sophos Anti-Rootkit is available from:
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution to defend against malware, spyware, hackers and spam.