Fake Shooting Scam Installs Trojan

March 29th, 2008

Fake Shooting Scam Installs Trojan

Earlier today SophosLabs reported a new scam designed to fool users into viewing a web site where they would be hit with a malicious script that installs a Trojan. Several different spam messages alerting users to the supposed shooting of the e-Gold founder, for example:

E-gold founder, Douglas Jackson, 51, of Sheridan, Mont., was 4 times shot
and killed Friday night on the Seventh Street ramp at East Seventh Avenue by off-duty County Deputy Daniel Montana Jr.,
police said.

A spokesman for the Jackson’s family told Fox 31 that the autopsy
details show the shots came from 3 to 7 feet away and were fired at a level angle, not from someone lying on the ground.

The investigation is ongoing, said DA spokeswoman Pam Russell.

More details at ********.com

A variety of domains have been used in the scam. Browsing to each of the domains redirects to a malicious page on another server. This page contains a malicious Javascript which attempts to install a Trojan on the victim’s computer. This malicious script is pro-actively detected as Mal/ObfJS-B. The Trojan is detected by runtime HIPs protection as HIPS/FileMod-005. Specific detection for the Trojan and the files it installs has been added as Troj/Agent-GUJ in Sophos Antivirus.

This is yet another example of the attackers using a blend of spam and malicious web sites to infect victims. Such cases provide perfect illustrations of the need for quality security solutions, encompassing anti-spam, web content inspection, URL filtering and runtime protection technologies.

Email, Bookmark or Share:

More on CyberInsecure:

Sony USA PlayStation Website SQL Injected And Redirects Visitors To Fake Anti-Virus Scam

Fraudsters Prey Upon Public Interest In Current Events to Launch Trojan Attacks On Fake CNN Site

Current List Of Zlob Distributiuon Sites And Rogue “Anti-virus” Products Domains

Microsoft’s “Experimental Security Fix” Is Actually A Malware

MonaRonaDona New Social Engineering Scam

Posted in Scams |

Print This Post

This entry was posted on Saturday, March 29th, 2008 at 3:07 am and is filed under Scams. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

If you found this information useful, consider linking to it from your own website.
Just copy and paste the code below into your website (Ctrl+C to copy)
It will look like this: Fake Shooting Scam Installs Trojan

Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

Latest News Updates

Adobe Shockwave Player 11.5.8.612 closes 18 critical vulnerabilities. Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.7.609 and earlier versions on the Windows and Macintosh operating systems.

Adobe has released a Flash Player update that fixes critical zero-day flaw (CVE-2010-1297) that has been actively exploited in attacks. In addition to the numerous security patches, the new Flash player 10.1.53.64 version brings major functionality and performance improvements.

Virus Threats News

Windows vulnerabilities prove a popular target for cybercriminals in August 01 Sep 2010 14:05:00 +040
Kaspersky Lab announces the publication of its Monthly Malware Statistics for August 2010.
Kaspersky Lab detects new IM worms capable of spreading via almost all instant messengers 30 Aug 2010 12:55:00 +040
Kaspersky Lab announces the detection of a new family of computer worms that are spreading via numerous instant messaging clients
Kaspersky PURE Receives Gold Award in Parental Control Systems Testing 30 Aug 2010 12:44:00 +040
Kaspersky Lab announces that Kaspersky PURE, its comprehensive home network protection solution, came first in tests designed to measure the effectiveness of the parental control modules of ten of the industry’s leading security solutions
Kaspersky Lab detects new IM worms capable of spreading via almost all instant messengers 25 Aug 2010 13:59:00 +040
Kaspersky Lab announces the detection of a new family of computer worms that are spreading via numerous instant messaging clients
Q2 2010: more than half a billion infection attempts 23 Aug 2010 12:41:00 +040
Kaspersky Lab, a leading developer of secure content management solutions, has released its report on information security threats in the second quarter of 2010
First SMS Trojan Detected for Smartphones running Android 11 Aug 2010 12:25:00 +040
Kaspersky Lab announces that the first malicious program classified as a Trojan-SMS has been detected for smartphones running on Google’s Android operating system.
First SMS Trojan detected for smartphones running Android 09 Aug 2010 11:05:00 +040
Kaspersky Lab announces that the first malicious program classified as a Trojan-SMS has been detected for smartphones running on Google’s Android operating system.
TDSS: Rootkit Technologies at the Heart of Cybercrime 05 Aug 2010 14:43:00 +040
TDSS is the most powerful and complex rootkit to date. This universal malware can hide its own presence and that of other malware on an infected system while offering enhanced opportunities.
TDSS: Rootkit technologies at the heart of cybercrime 05 Aug 2010 12:00:00 +040
TDSS is the most powerful and complex rootkit to date. This universal malware can hide its own presence and that of other malware on an infected system while offering enhanced opportunities.
Hackers continue to exploit vulnerabilities in mainstream programs 02 Aug 2010 13:17:00 +040
Kaspersky Lab announces the publication of its Monthly Malware Statistics for July 2010

CyberInsecure.com