'Osama Captured' e-Mail is Malicious Trojan
The 'Osama Bin Laden Captured' e-mail hammering your in-box today will attempt to download a Trojan if the embedded URL is clicked.
Those "Osama Bin Laden Captured" e-mails hammering your in-box today will attempt to download a Trojan if the embedded URL is clicked, anti-virus experts warned Friday.
Glendale, Calif.-based Panda Software said the URL embedded in the e-mail directs users to what appears to be an advertising page before exploiting a known security vulnerability in Microsoft's Internet Explorer (IE) browser to download the trojan.
The fake news item, purporting to come from CNN or the BBC and promising photographs and video of Bin Laden's capture, first appeared on instant messaging networks earlier this month. According to security analysts, it is yet another use of social engineering tactics by spammers to direct traffic to Web sites.
The "Osama Bin Laden Captured" hoax includes the following message text:
"Hey, Just got this from CNN, Osama Bin Laden has been captured! Go to the link below to view the pics and to download the video if you so wish: (Internet address) "Murderous coward he is." God bless America!"
If the link is activated via IE, the browser auto-executes a file called "EXPLOIT.EXE" and downloads an executable trojan, identified as "Trj/Small.B."
The "Small.B" trojan opens ports on an infected machine and can be used to hijack PCs for use as spam zombies. The trojan can listen on the open port for instructions and redirect traffic to other IP addresses.
"Spammers and hackers can take advantage of compromised systems by using the infected computer as a middleman, allowing them to pass information through it and remain anonymous," according to information provided by McAfee Security.
A spokesperson for anti-virus firm Sophos told internetnews.com the malicious trojan will only affect users using an unpatched IE browser. Microsoft has issued cumulative patches for the IE browser to plug known vulnerabilities. The latest updates for Internet Explorer are available here.