'Suicidal Osama Bin Laden' recruits a zombie army
Published: 23 Jul 2004 16:45 BST
A new way of enticing users to open a Trojan horse called Hackarmy was discovered by antivirus firm Sophos on Friday after it was posted on several Internet news groups.
The message claims to contain pictures taken by CNN journalists of Osama Bin Laden's suicide but, once the file is opened, it installs a Trojan horse that effectively recruits the infected machine into the author's zombie army, which can then be used to distribute spam or launch DDoS attacks.
Hackers and virus writers are trying different tricks to try and get people to download their malicious code, said Graham Cluley, senior technology consultant for Sophos.
"It seems this time the hacker has focused on the public's morbid curiosity and appetite for news on the war against terror," he said.
Richard Starnes, president of security industry group ISSA UK, congratulated Sophos for highlighting the issue because it will allow users to "install preventative measures" before the Trojan becomes a widespread.
Malware writers try to get email users' attention and persuade them to open attachments or click on links even if they have been told not to, Starnes said.
"Anna Kournikova, Catherine Zeta Jones and I Love You are all variations of a theme; they are trying to entice the user into doing something they know they often know they shouldn't do," he added.
Antivirus and antispam companies have updated their software to detect the Trojan, according to Starnes, so users need to make sure they have the most recent version of their software.
"It depends on how long [it takes for] antivirus and anti-spam companies [to] respond by releasing new signatures and how quickly the customers respond by downloading and installing them," he said.
Terrorism has been a popular theme amongst malware writers recently. Last week, a variant of the Atak worm was linked with an Al-Qaeda sympathiser who allegedly threatened to release an "uber worm" if the US attacked Iraq.
Did you find this article useful?
113 out of 258 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
7 comments
-
The authors were lambasted on a couple of the Linu... Anonymous -
Hey German IT consultant.
Try running it unde... Theophilus Wildebeest -
They are at tit again:
The message is as follows (... Anonymous
-
i think this should be dubbed the suicide virus. j... Paul
-
I too saw the Arnold version. It was on satur... blubear2
-
The Arnie one has been removed.
I don't... Theophilus Wildebeest -
I saw this on Usenet and figured it was something... Anonymous
