[ISN] Hackers fake Howard heart attack

From: InfoSec News (alerts@private)
Date: Mon Feb 19 2007 - 23:15:00 PST


http://www.theaustralian.news.com.au/story/0,20867,21257632-1702,00.html

AAP
February 20, 2007

EMAIL hackers are using a fake news alert claiming Prime Minister John 
Howard suffered a heart attack in an attempt to steal personal 
information from Australian PC users.

The email features a news report falsely claiming to come from The 
Australian newspaper's online edition and which includes links to 
malicious websites.

The news report, which is written in less-than-perfect English, claims 
the Prime Minister had suffered a heart attack and that surgeons were 
working to save his life.

"The Prime Minister of Australia, John Howard have (sic) survived a 
heart attack," the email reads.

"Mr Howard, 67 years old, was at Kirribilli House in Sydney, his prime 
residence, when he was suddenly stricken.

"Mr Howard was taken to the Royal North Shore Hospital where the best 
surgeons of Australia are struggling for his life."

Anyone clicking on links on the bogus report risks importing a virus.

The Australian Computer Emergency Response Team (AusCERT) said today it 
was not yet clear how many systems had been infected.

However, the virus, first reported yesterday, resembles previous attacks 
on Australian PCs.

Last year, a trojan virus known as Haxdor accompanied an email claiming 
the National Australia Bank had gone bankrupt.

Nationally, Haxdor infected about 10,000 systems over a period of 
several months.

MacLeonard Starkey from AusCERT said the John Howard email was part of a 
broader trend in spamming that used topical events to suck in a broad 
mass of victims.

"Everyone that loves him wants to click on it, everybody that hates him 
wants to click on it, so it's a fairly good all round one," Mr Starkey 
said.

Once installed, the program is able to log any keyboard sequences or 
mouse clicks that a user may enter - including personal identification 
numbers used on bank websites - and change security settings.

"It basically means some attacker, somewhere can do whatever they like 
on your system," Mr Starkey said.

AusCERT is uncertain of the email's origin but says such viruses are 
increasingly originating in China.


______________________________________
Subscribe to the InfoSec News RSS Feed
http://www.infosecnews.org/isn.rss



This archive was generated by hypermail 2.1.3 : Mon Feb 19 2007 - 23:18:56 PST