Hackers pounce on Howard 'heart attack e-mail'

Details of around 750 Australian banking customers may have been compromised after a trojan e-mail -- claiming the prime minister has suffered a heart attack -- was unleashed.
Written by Steven Deare, Contributor

update Hackers may have captured the login details of around 750 Australian banking customers by circulating a trojan e-mail claiming the prime minister has suffered a heart attack, according to a security company.

Titled "John Howard, the current Prime Minister of Australia has survived a heart attack", the e-mail claims Howard suffered the heart attack while at Kirribilli House and is fighting for his life in hospital.

The e-mail then provides a link purporting to be an online news report. Users that click the link however are directed to a standard "404 error" page which downloads a trojan to their computer.

Joel Camissar, country manager for Websense, which has been tracking the scam, said the trojan monitored infected users' Internet activity. This included logging keystrokes, he said.

Websense has identified one of the servers used in the hacking attempts and is recording compromised IP addresses, as well as other data stored by the server. Hackers often did little to secure their own computers, said Camissar.

Of 2,500 users around the world infected by the trojan, around 30 percent, or 750 people, were from Australia, he said.

This data could include banking login details.

Websense claimed customers of the Commonwealth and Westpac banks may have had their account details captured.

However, both banks have denied the trojan had infected their systems. Westpac's systems had not been compromised by the trojan and the bank was unaware of any fraud losses as a result, according to a spokesperson.

A Commonwealth Bank spokesperson said its Web site had not been infected with the trojan. However, the Web site was not the issue, according to Camissar.

"The Commonwealth Bank Web site hasn't been compromised," Camissar said.

"But the trojan horse monitors user sites visited and sends back the [bank site] username and password to the server computer," he said.

The scam was not limited to Australia, according to Websense. Customers of banks across Europe and the US may also have had their passwords captured.

Websense was working with law enforcement authorities to find the scammers, he said.

Editorial standards