Trojan Horse uses war as cover

After a spat of celebrity-related Trojans that spread through social engineering techniques the latest one preys on potential victims' curiosity about the ongoing conflict in Iraq
Written by Munir Kotadia, Contributor

Antivirus companies warned of a new worm on Monday that is sent by email and appears to contain photographs of the Iraq war.

The Famus.B worm affects Windows systems and tries to trick users into believing its attached file -- called Iraq.scr -- contains pictures from inside Iraq. In reality the file infects the user's computer, displays a false error message and harvests any email addresses stored on the PC's hard drive.

Famus.B then creates an SMTP engine that allows it to send copies of itself to all the victim's contacts. To finish off it inserts a line into the Windows registry so the computer will remain infected even after a reboot.

According to antivirus firm Panda Software, Famus.B is not spreading very quickly but because it is based on the Iraq war, people are bound to open the attachment.

In a statement, a Panda spokesperson said: "As Famus.B uses a current issue like the conflict in Iraq, this worm is likely to start causing incidents soon."

Emails carrying the worm have the subject line: "Iraq and the crime" and the body contains the message: "what is really happening in Iraq? the pictures of the soldiers and prisoners in Iraq… foward this message…. everybody should know the truth."

The email is also written in Spanish.

The first variant of Famus was discovered around six months ago. According to antivirus firm Sophos, the worm was carried in a file called "PentagonSecret.xls.exe" and the email's body text asked: "Do you believe you are safe from the Pentagon of the E.U? Just look these data and you will be surprised".

Sean Richmond, senior technology consultant at Sophos Australia and New Zealand, said that social engineering is commonly used by both phishers and malware authors because it is so difficult to combat using technology alone. He suggests users need to be taught not to open attachments or click on random links.

"It is easy to use social engineering to dupe people and make them reveal information or act differently. The biggest challenge is to get people out of the habit of clicking on links that are emailed to them. It is very hard to solve a social problem with technology," Richmond said.

Similar social engineering tactics have often been used in the past. In 2003 a virus was disguised as pictures of Julia Roberts in a compromising position. In July a Trojan horse was sent out in an email claiming to show pictures of Osama Bin Laden committing suicide. More recently, footballer David Beckham was apparently pictured in a compromising position with "a Spanish hooker".

Editorial standards