Trojan Horse Uses Virginia Tragedy as Bait
Spammers and hackers are using the slayings at Virginia Tech as a gory lure to infect computers with malicious software, security experts noted Thursday.
While the video made by gunman Cho Seung-hui prior to the killing of 33 people on Monday was widely posted on news Web sites and YouTube.com, spam e-mails were intercepted Wednesday night purporting to link to the footage on a Brazilian Web site, said Graham Cluley, senior technology consultant at security vendor Sophos PLC.
If clicked, the link caused a computer to automatically download a malicious screensaver, called TERROR_EM_VIRGINIA.scr by Sophos, which installs a Trojan horse program that collects banking details, Cluley said.
It's not yet clear which banks the Trojan is engineered to exploit, Cluley said. Sophos has posted a screenshot of the spam.
The e-mails are unlikely to mean much to English speakers since they're written in Portuguese, Cluley said. But hackers have repeatedly used breaking news events to try to trick users into opening malicious programs.
"We might see other hackers jump on the coattails of this," Cluley said.
After emergencies and disasters, fraudulent Web sites purporting to collect charity money also tend to emerge. So far, more than 450 questionable-looking domain names related to the Virginia Tech shooting have been registered, wrote Johannes Ullrich, chief technical officer for the Internet Storm Center, part of the SANS Institute, which monitors the health of the Internet.
The registrations have occurred at a faster pace than ones after Hurricane Katrina struck New Orleans in August 2005, Ullrich wrote on Monday.
The U.S. Computer Emergency Response Team warned on Tuesday that it's likely some of those domains could turn into phishing sites.
Earlier in the week, eBay Inc. canceled auctions trying to sell domains related to the Virginia Tech shootings, with one listed at US$49,930.