Hackers try to infect computers by claiming that the USA has invaded Iran

(27/08/2008)

Sophos is warning of an attempt by hackers to infect computers using the camouflage of a news report claiming that the USA has invaded Iran.

Widely spammed out emails with subject lines including "Third World War has begun", "20000 US Soldiers in Iran", and "US Army crossed Iran's borders" have been intercepted by Sophos. The emails contain links to a malicious webpage that displays what appears to be a video player showing the mushroom cloud of a nuclear explosion with the following text beneath:

"Just now US Army's Delta Force and US Air Force have invaded Iran. Approximately 20000 soldiers crossed the border into Iran and broke down the Iran's Army resistance. The video made by US soldier was made today morning. Click on the video to see the first minutes of the beginning of World War III. God save us".

The website pretends to contain a video showing US soldiers fighting in Iran.

However, SophosLabs™ experts warn that users visiting the webpage and clicking on the 'video player' run the risk of being infected by a Trojan horse, designed to compromise their computer. Sophos detects the malware hiding behind the fake video as Troj/Tibs-UO and a malicious JavaScript hidden on the website as Mal/ObfJS-AY.

"Receiving or reading the emails themselves does not mean you are infected - but visiting the link contained in them, or trying to watch the video, is definitely a bad idea. Once your computer is under the control of hackers they could steal your personal information to commit identity theft, or use your PC to spam out junk mail to millions of people around the world," said Graham Cluley, senior technology consultant at Sophos. "Hackers are taking advantage of the fact that many people today get their fix for breaking news via the internet. People, especially those with loved ones in the Middle East, may rush to watch the video without engaging their common sense. Everyone should ensure they keep their anti-virus protection up-to-date and never follow links in unsolicited email messages."

Sophos experts note that this is not the first time that news about rising tensions between Iran and the West has been exploited by hackers. In 2005, a widespread spam campaign pretended to be a link to news about the controversial decision by Iran to continue work at a nuclear plant, but was really an attempt to infect users with a Trojan horse. The year before, the Cycle worm dropped a message complaining that European governments were supporting the regime in Tehran, because of the war in neighboring Iraq.

Related topics:  Hacking and intrusion prevention   Internet and Web security   Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources