New worm disguised as news headlines
New worm disguised as news headlines
Jan 21, 2005: A new worm has been detected that disguises itself as new headlines from the CNN website, and changes as the news gets updated to maintain its mask, for purpose of gaining access to personal information on infected PCs.
Sophos has found that the worm takes the subject lines, message content and attachment names from the CNN news story headlines in real-time, and then attempts to send itself as a newsletter by email to addresses found on infected computers.
The worm is called Crowt-A continuously changes to mirror the front-page headline on the CNN news site, and the message text is also lifted, conning the user into thinking that they are reading a genuine newsletter.
Carole Theriault, the security consultant at Sophos, said that this is another example of virus writers looking for new tricks to entice innocent computer users into running their malicious code.
"This latest ploy feeds on people's desire for the latest news. Many people subscribe to legitimate email news updates, but the message is simple - businesses need to make sure their anti-virus detection is constantly updated and users need to be suspicious of all unsolicited email whether it's promising celebrity pictures or news updates."
Crowt-A installs a backdoor Trojan function, which attempts to log keystrokes on infracted PCs so that this information can be sent to a remote user. Trojans are used by hackers usually to gain control of PCs and to steal personal information such as bank passwords.
Related Article: