Malicious email sent as news about Hurricane Katrina

Sept 07, 2005: An email that has been sent out recently about Hurricane Katrina contains a malicious backdoor programme that poses as a worm removal tool, according to software security experts Trend Micro.

The network antivirus and Internet content security company said that the link provided in the email points to what seems to be a regular website with news about the Hurricane Katrina disaster, with a link for a report on the ZOTOB worm on the right-hand side.

However, as soon as the user visits the website, the JS_PHEL.K malware exploits the HTML ActiveX Control vulnerability to secretly direct the browser to another website to download the BKDR_ROBOBOT.AU backdoor programme.

Once it is activated, the programme will display a fake ZOTOB scan message: "Zotob was not detected on this PC", which cons users into believing that a legitimate virus scan has been activated.

However, the programme actually removes antivirus and security applications from the computer and opens up communication ports to connect with an Internet Relay Chat server, which allows hackers to access the computer.
