Fake Shooting Scam Installs Trojan
Earlier today SophosLabs reported a new scam designed to fool users into viewing a web site where they would be hit with a malicious script that installs a Trojan. Several different spam messages alerting users to the supposed shooting of the e-Gold founder, for example:
E-gold founder, Douglas Jackson, 51, of Sheridan, Mont., was 4 times shot
and killed Friday night on the Seventh Street ramp at East Seventh Avenue by off-duty County Deputy Daniel Montana Jr.,
police said.A spokesman for the Jackson’s family told Fox 31 that the autopsy
details show the shots came from 3 to 7 feet away and were fired at a level angle, not from someone lying on the ground.The investigation is ongoing, said DA spokeswoman Pam Russell.
More details at ********.com
A variety of domains have been used in the scam. Browsing to each of the domains redirects to a malicious page on another server. This page contains a malicious Javascript which attempts to install a Trojan on the victim’s computer. This malicious script is pro-actively detected as Mal/ObfJS-B. The Trojan is detected by runtime HIPs protection as HIPS/FileMod-005. Specific detection for the Trojan and the files it installs has been added as Troj/Agent-GUJ in Sophos Antivirus.
This is yet another example of the attackers using a blend of spam and malicious web sites to infect victims. Such cases provide perfect illustrations of the need for quality security solutions, encompassing anti-spam, web content inspection, URL filtering and runtime protection technologies.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.