Virus researchers at Sophos have identified a new worm which poses as information on the latest news stories. Crowt-A(W32/Crowt-A) takes its subject lines, message content and attachment names from headlines gathered in real-time from the CNN website. As well as providing keylogging and backdoor functionality, W32/Crowt-A attempts to send itself by email to addresses found on the infected computer as if from other addresses on the infected computer. The email's subject lines, message content and attachment name are generated from headlines gathered real-time from the CNN website.
Crowt-A's subject line and attachment share the same name, but continually change to mirror the front-page headline on the CNN news site. The message text is also lifted from CNN's site, duping the recipient into thinking that they are reading a bonafide newsletter rather than receiving an infected email.
Crowt-A also installs a backdoor Trojan function. This attempts to log keystrokes on infected PCs and sends gathered data to a remote user. These Trojans are often used by hackers to gain unauthorised control of PCs and to steal personal information such as bank passwords.
"Virus writers are always looking for new tricks to entice innocent computer users into running their malicious code; this latest ploy feeds on people's desire for the latest news," said Carole Theriault, security consultant at Sophos. "Many people subscribe to legitimate email news updates, but the message is simple - businesses need to makes sure their anti-virus detection is constantly updated and users need to be suspicious of all unsolicited email whether it's promising celebrity pictures or news updates."
Although only a small number of instances of the worm have been sighted so far, Sophos recommends companies protect their computers with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.
Explore further: FBI chief urges 'robust debate' on encryption