In fact, the Troj/Dloadr-ZP Trojan horse waits in the background

Jul 12, 2006 14:15 GMT

Experts at SophosLabs have reported a spam campaign disguised as a breaking news report about the death of Russian President Vladimir Putin. An e-mail announces the passing of the Russian president and redirects curious users to what appears to be a BBC news report. In actuality, the embedded link takes the user to a Russian Web site belonging to a construction company that provides heating systems for apartments.

The e-mail contains malicious HTML script that exploits the ADODB.Stream vulnerability in Internet Explorer in order to download the Troj/Dloadr-ZP Trojan horse from the Russian website.

"It appears whoever sent this spam is trying to discredit the Russian firm in what we call a 'joe job'. Users may think that the spam was purely an attempt to drive traffic to the construction company's products and seminars, whereas in fact hackers are also using the opportunity to try and infect unprotected PCs," explained Graham Cluley, senior technology consultant for Sophos. "Everyone should protect their computers with security patches, up-to-date anti-virus software, firewalls and a solid defense against spam. Hackers have used bogus stories about breaking news stories in the past to encourage people to open emails, and they're likely to do so again."

"Normally, a joe job is a spam campaign forged to appear as though it came from an innocent party, with the intention of incriminating or pinning blame onto them," added Cluley. "In this case, users wanting to read the news report may think that the emails came from the Russian website they are directed to selling seminars and heating systems. In truth, the spam emails came from a zombie network of compromised computers around the world, being exploited by the hackers. If users aren't careful they could find their PCs part of the zombie network as well."