Sophos: Beware of Malware From Long Lost Friend

Long lost school friend lures lovelorn into malware heartbreak, warns Sophos

BOSTON -- IT security and control firm Sophos is warning of a new attempt to infect PCs with malware by someone posing as a long lost school friend. According to Sophos, internet hackers - taking advantage of the current popularity of social-networking and online friendships amongst adults - are using the lure of a possible internet romance in an attempt to trick the unwary into downloading a password-stealing Trojan horse.

SophosLabs' blog reports that the emails, which have been spammed out across the internet, purport to be from a young blonde woman with pigtails called Ann Berns who claims that she went to high school with the recipient. The author refers to fond memories of after-school walks and classroom conversations in an attempt to encourage the recipient into investigating further and clicking on a URL to her personal homepage. Sophos experts note however that the link actually leads to a Trojan horse designed to break into online accounts and commit identity theft.

An extract from the email reads as follows:

'Hi! I'm not sure if you remember me..

I'm Ann Berns, I guess we went to high school together.

It was quite a while ago but I still remember our friendship.

Do you remember that walk after classes? It was really cool!

I still think about you sometimes, all that fun, all whispering chats during classes. Do you want to see what I look like now? Visit my home page then, it's at...'

"The lonely, the randy or the just plain curious might be tempted to click on the link - but if they do they risk falling straight into a trap set by hackers," said Graham Cluley, senior technology consultant for Sophos. "It's a pretty sad state of affairs that cybercriminals need little more than a picture of a blonde woman with pigtails to steal passwords from unwary internet users. Everyone needs to learn to take more care over unsolicited emails, and ensure that they are properly defended when they open their email inbox or surf the web."

Sophos plc