CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 29th, 2008

Fake Shooting Scam Installs Trojan

Earlier today SophosLabs reported a new scam designed to fool users into viewing a web site where they would be hit with a malicious script that installs a Trojan. Several different spam messages alerting users to the supposed shooting of the e-Gold founder, for example:

E-gold founder, Douglas Jackson, 51, of Sheridan, Mont., was 4 times shot
and killed Friday night on the Seventh Street ramp at East Seventh Avenue by off-duty County Deputy Daniel Montana Jr.,
police said.

A spokesman for the Jackson’s family told Fox 31 that the autopsy
details show the shots came from 3 to 7 feet away and were fired at a level angle, not from someone lying on the ground.

The investigation is ongoing, said DA spokeswoman Pam Russell.

More details at ********.com

A variety of domains have been used in the scam. Browsing to each of the domains redirects to a malicious page on another server. This page contains a malicious Javascript which attempts to install a Trojan on the victim’s computer. This malicious script is pro-actively detected as Mal/ObfJS-B. The Trojan is detected by runtime HIPs protection as HIPS/FileMod-005. Specific detection for the Trojan and the files it installs has been added as Troj/Agent-GUJ in Sophos Antivirus.

This is yet another example of the attackers using a blend of spam and malicious web sites to infect victims. Such cases provide perfect illustrations of the need for quality security solutions, encompassing anti-spam, web content inspection, URL filtering and runtime protection technologies.

Share this item with others:

More on CyberInsecure:
  • Sony USA PlayStation Website SQL Injected And Redirects Visitors To Fake Anti-Virus Scam
  • Fraudsters Prey Upon Public Interest In Current Events to Launch Trojan Attacks On Fake CNN Site
  • Current List Of Zlob Distributiuon Sites And Rogue “Anti-virus” Products Domains
  • Microsoft’s “Experimental Security Fix” Is Actually A Malware
  • MonaRonaDona New Social Engineering Scam

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Fake Shooting Scam Installs Trojan

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.