Fake Gates Foundation malware spreads

Fake Gates Foundation malware spreads

Phony messages appearing in UK after blitzing Australia

Article comments

A malicious spam is in circulation which pretends to be from the Bill and Melinda Gates Foundation.

It has the subject line 'Life for Life' and leads with the recent news that the Northern Territory Library has received the 2007 Access to Learning Award from the Bill and Melinda Gates Foundation.

This information is true but the link inviting you to read more about the award takes you off to an infected Web site in Korea, according to Paul Ducklin, Asia-Pacific head of technology of anti virus vendor Sophos.

The malware has been circulating in Australia and has begun to appear in UK mailboxes. Sophos said the malware downloaded from Korea is Mal/ObfJS-H. ObfJS, which stands for "obfuscated JavaScript", the second most prevalent web-borne malware in Sophos's latest monthly roundup of online malware.

This JavaScript page unscrambles itself to create a Web page which Sophos detects as Mal/JSShell-B, which in turn tries to exploit a Windows XML vulnerability (patched in 2006) to download a malicious Windows program hidden on the same compromised server in Korea. Sophos blocks this file as Mal/Basine-C.


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *