A phony e-mail purporting to be news about the Australian prime minister suffering a heart attack is slamming users with a Trojan horse that is tracking their Web access and leaving their computers vulnerable to remote access.
The malware also installs a Web server on infected machines, allowing attackers to access the machines every time they're online, according to analysts at Websense, a security company. Websense analysts say the attackers are using a control panel where they can see a list of all the infected machines, including IP addresses, countries, and ports. They can even link to Google Maps, which will point out exactly where that IP address is located.
The fraudulent spam is mainly hitting Australia with the bogus news that Australian Prime Minister John Howard is struggling for his life after suffering a heart attack. The e-mails are set up to appear to be a link to a news story from The Australian, a daily newspaper. Howard is currently reported to be in good health and hasn't suffered a heart attack.
Clicking on the link takes users to a Web page which downloads malicious code to their computer, and then displays the real "404 page not found" error page used by The Australian on news.com.au. The viral code attempts to steal online banking usernames and passwords from Web surfers, according to analysts at Sophos, an antivirus and anti-spam company based in the U.K.
The Australian prime minister is just the latest in a long line of public figures to be used as bait by virus authors and hackers. Sophos analysts point out that politicians, such as Vladimir Putin, Margaret Thatcher, Ronald Reagan, Arnold Schwarzenegger, Bill Clinton and George W. Bush, have been used in the same kind of spam scams. Celebrities such as Halle Berry, Anna Kournikova, Jennifer Lopez, and Britney Spears are also often used to lure users into clicking on links that take them to malicious Web sites.
"It seems the hackers are back to their old tricks of spamming out sensational headlines in the hope that computer users will forget to think before they click, and visit the Web site hosting the malignant code," said Graham Cluley, senior technology consultant for Sophos, in a written statement. "The scammers have registered several domain names that appear to be associated with The Australian newspaper, and have gone to effort to make people think that they really are visiting the genuine site by pointing to the real error page. Everyone should be on their guard against this kind of e-mail con trick, or risk having their PC infected."
Two years ago, spammers and hackers played on people's emotions surrounding the death of Pope John Paul II. The spam, which promised users free books written by the pontiff, actually linked them to a get-rich-quick-scheme Web site.