Worm Steals CNN Headlines To Stay Timely, Fool Users
The idea is to fool recipients into thinking that they're reading a legitimate newsletter or news brief rather than looking at a payload-carrying message about to infect their PC.
A new worm uses breaking news -- and a devious technique to keep itself up-to-date -- to dupe recipients into opening attachments, an anti-virus firm said Friday.
U.K.-based security vendor Sophos said that the Crowt.a worm grabs its subject lines, message content, and attachment names from headlines culled in real-time from CNN's Web site. The worm's subject and attachment filename constantly change to mirror the top headline on CNN.com, while the e-mail message's text is also hijacked from CNN.
The idea is to fool recipients into thinking that they're reading a legitimate newsletter or news brief rather than looking at payload-carrying message about to infect their PC.
Crowt.a also slips in a backdoor component that tries to record keystrokes and send the stolen info to the hacker, an element of many worms that are meant not only to give the attacker later access to the infected computer, but also lets them walk off with valuable passwords or bank account information.
"This latest ploy feeds on people's desire for the latest news," said Carole Theriault, a security consultant at Sophos, in a statement. "Many people subscribe to legitimate email news updates...virus writers are always looking for new tricks to entice users into running their malicious code."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.