Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 29th, 2008

Fake Shooting Scam Installs Trojan

Earlier today SophosLabs reported a new scam designed to fool users into viewing a web site where they would be hit with a malicious script that installs a Trojan. Several different spam messages alerting users to the supposed shooting of the e-Gold founder, for example:

E-gold founder, Douglas Jackson, 51, of Sheridan, Mont., was 4 times shot
and killed Friday night on the Seventh Street ramp at East Seventh Avenue by off-duty County Deputy Daniel Montana Jr.,
police said.

A spokesman for the Jackson’s family told Fox 31 that the autopsy
details show the shots came from 3 to 7 feet away and were fired at a level angle, not from someone lying on the ground.

The investigation is ongoing, said DA spokeswoman Pam Russell.

More details at ********.com

A variety of domains have been used in the scam. Browsing to each of the domains redirects to a malicious page on another server. This page contains a malicious Javascript which attempts to install a Trojan on the victim’s computer. This malicious script is pro-actively detected as Mal/ObfJS-B. The Trojan is detected by runtime HIPs protection as HIPS/FileMod-005. Specific detection for the Trojan and the files it installs has been added as Troj/Agent-GUJ in Sophos Antivirus.

This is yet another example of the attackers using a blend of spam and malicious web sites to infect victims. Such cases provide perfect illustrations of the need for quality security solutions, encompassing anti-spam, web content inspection, URL filtering and runtime protection technologies.

Share this item with others:

More on CyberInsecure:
  • Sony USA PlayStation Website SQL Injected And Redirects Visitors To Fake Anti-Virus Scam
  • Fraudsters Prey Upon Public Interest In Current Events to Launch Trojan Attacks On Fake CNN Site
  • Current List Of Zlob Distributiuon Sites And Rogue “Anti-virus” Products Domains
  • Microsoft’s “Experimental Security Fix” Is Actually A Malware
  • MonaRonaDona New Social Engineering Scam

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Fake Shooting Scam Installs Trojan

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.