Virus Writer Purports To Show Bin Laden's Death

[george]

Antivirus company Sophos warned Friday of a scheme that invokes Osama bin Laden to convince people to open a file containing a Trojan horse called Hackarmy.

The message, which has been posted on several Internet newsgroups, claims to contain pictures taken by CNN journalists of bin Laden committing suicide. But once the supposed picture file is opened, it installs a Trojan horse that effectively recruits the infected machine into the author's army of "zombie" PCs--already-infected machines that can be controlled surreptitiously from afar. The zombified computers can then be used to distribute spam or launch denial-of-service attacks.

Hackers and virus writers are trying different tricks to try to get people to download their malicious code, said Graham Cluley, senior technology consultant for Sophos.

"It seems this time, the hacker has focused on the public's morbid curiosity and appetite for news on the war against terror," he said.

Terrorism has been a popular theme among virus writers recently. Last week, a variant of the Atak worm was linked with an al-Qaida sympathizer who allegedly threatened to release an "uber worm" if the United States attacked Iraq.

Richard Starnes, president of security industry group ISSA UK, said the warning from Sophos should help spur computer users to "install preventative measures" before the Trojan horse becomes widespread.

Virus writers try to get e-mail users' attention and persuade them to open attachments or click on links, even if they have been told not to, Starnes said.

"Anna Kournikova, Catherine Zeta-Jones and I Love You are all variations on a theme: They are trying to entice the user into doing something they know they shouldn't do," he said.

Antivirus and antispam companies have updated their software to detect the Trojan horse, according to Starnes, so people need to make sure that they have the most recent version of their software.

"It depends on how long (it takes for) antivirus and antispam companies (to) respond by releasing new signatures, and how quickly the customers respond by downloading and installing them," he said.

--ZDnet 2004-07-24