4th of July malware attack targets holidaying American computer users

Independence Day brings dawn attack on computer users
Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned of a widespread email spam campaign that poses as a video of American Independence Day fireworks, but is really attempt to lure innocent computer users into having their computers hacked. The attack is the latest from the gang behind the Dorf malware, also known as the Storm worm.

Users attempting to watch the fireworks video will instead be infected by malicious code.

Subject lines used in emails sent by the hackers include:

Amazing Independence Day salute
Amazing firework 2008
America for You and Me
America the Beautiful
Celebrate Independence
Celebrate with Pride
Celebrating Fourth of July
Celebrations have already begun
Fabulous Independence Day firework
God bless America
Happy Fourth of July
Happy Independence Day
Independence Day firework broke all records
Light up the sky
Proud to be an American
Sparkling Celebration of Independence Day
Spectacular fireworks show
Super 4th!
The best of 4th of July Salute 

Inside each email is a simple phrase such as "Amazing Independence Day salute" or "The best firework youve ever seen", followed by an IP address. Visiting the IP address takes the unsuspecting user to a malicious webpage, which disguises itself as a video player showing a firework display, with the following message:

Colorful Independence Day events have already started throughout the country. The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it.

However, clicking on the 'video' prompts the computer to attempt to download a file called 'fireworks.exe' onto Windows PCs, which Sophos proactively intercepts as the Troj/Dorf-BP Trojan horse.

"Everyone loves fireworks, but you're not going to be feeling in the mood for celebrations if this malware infects your Windows PC, turning it into a part of a botnet for criminals to commit identity theft and launch spam and malware campaigns," said Graham Cluley, senior technology consultant at Sophos. "Americans are not the only ones at risk as they open their email this morning - people around the world with US-based friends may be tempted to follow the link and watch the video. Many Americans may be taking the day off today to celebrate their country's independence, and return to work on Monday morning not realising what may be waiting for them in their inbox."

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution to defend against malware, spyware, hackers and spam.

"The gang behind the Dorf family of attacks, also known as the Storm worm, have targeted other holidays in the past - Christmas, St Valentine's Day, Halloween.. the list goes on," continued Cluley. "The reason that they do this is very simple - it works. People fall for tricks like this all the time. Companies and individuals need to protect themselves with up-to-date anti-virus protection and learn not to be caught out by this kind of simple confidence trick again."

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK.

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter