Security experts have warned of a virus being distributed via email claiming that the Australian Prime Minister has had a serious heart attack.
The malware may have come from home-grown Australian virus writers, since the initial distribution is largely confined to email addresses in Australia.
The email contains a link to a website containing malicious code, and forwards recipients to an error page for The Australian newspaper to persuade users that they have found a dead link.
“It seems that the hackers are back to their old tricks of spamming out sensational headlines in the hope that computer users will forget to think before they click, and visit the website hosting the malicious code,” said Graham Cluley, senior technology consultant at Sophos.
“The scammers have registered several domain names that appear to be associated with The Australian newspaper, and have gone to great effort to make people think that they really are visiting the genuine site by pointing to the real error page.”
Websense A/NZ country manager Joel Camissar said the trojan, formed by several different components, monitored, tracked and keylogged access to webpages and contained a special module for phishing use.
As at 9am EST, there were more than 2500 infected victims, including Westpac and the Commonwealth Bank, he said.
According to Websense, the trojan also installs a Web server on the affected machine, allowing the attacker to access that machine every time it is online. Through a control panel, the hacker has a full list of infected machines, including IP address, country, ports to access the machine using different protocols, and a link to Google Maps to pinpoint where that IP is located, the company said.