Cybercriminals seize on Virginia Tech shootings

Spammers and hackers are using the murders at Virginia Tech university as a gory lure to infect computers with malicious software.

While the video made by gunman Cho Seung-hui prior to the killing of 33 people on Monday was widely posted on news Web sites and YouTube.com, spam e-mails were intercepted Wednesday night purporting to link to the footage on a Brazilian Web site, said Graham Cluley, senior technology consultant at security vendor Sophos.

If clicked, the link caused a computer to automatically download a malicious screensaver, called TERROR_EM_VIRGINIA.scr by Sophos, which installs a Trojan horse program that collects banking details, Cluley said.

It's unclear yet what banks the Trojan is engineered to exploit, Cluley said. Sophos has posted a screenshot of the spam (http://www.sophos.com/pressoffice/news/articles/2007/04/virginia.html).

The e-mails are unlikely to mean much to English speakers since they're written in Portuguese, Cluley said. But hackers have repeatedly used breaking news events to try to trick users into opening malicious programs.

"We might see other hackers jump on the coattails of this," Cluley said.

After emergencies and disasters, fraudulent Web sites purporting to collect charity money also tend to emerge. So far, more than 450 domain names related to the Virginia Tech shooting have been registered that look questionable, wrote Johannes Ullrich, chief technical officer for the Internet Storm Center, part of the SANS Institute, which monitors the health of the Internet.

The registrations have occurred at a faster pace than ones after Hurricane Katrina struck New Orleans in August 2005, Ullrich wrote on Monday (http://www.dshield.org/diary.html).

SANS has posted a list of suspicious domains and their status (http://isc.sans.org/domaincheck.html). Virginia Tech has set up an official site with information on a memorial fund (http://www.vt.edu/).

The U.S. Computer Emergency Response Team warned on 17 April that it is likely some of those domains could turn into phishing sites (http://www.us-cert.gov/current/current_activity.html#phish).

Earlier in the week, eBay cancelled auctions trying to sell domains related to the Virginia Tech shootings, with one listed at US$49,930.
