Information Security Bulletin

Spoof Anti-Child Porn Email Contains Trojan

22 Aug 04:48

IT security firm Sophos has warned of a Trojan horse that has been mass spammed out in an email claiming to come from an organisation fighting child pornography on the web.

The message, which uses the subject line 'CP investigation was started', claims that the recipient's email address has been found in a child porn database discovered by the Association of Sites Advocating Child Protection (ASACP). In actual fact the email contains the Agent-CPK Trojan horse.

Part of the email reads as follows:

-------------------------------------------------
'I'd like to inform you that investigating activity of the one of child porno sites we found e-mails data base, in which was your e-mail [email address]. In view of this, I have two versions: either you are the client of this shop, or your e-mail appeared there accidentally. I sincerely hope that it was accidental coincidence and believe that you are interested in this version as well. If you show a good will, make modest, voluntary donation on our site: http://www.asacp.org/donation.html, I will be convinced in your being not implicated in this business.'
--------------------------------------------------

Attached to the email is a file called asset576.zip, which unzips to a file called asset.txt[multiple spaces].exe. Running this executable file installs the Trojan horse onto the user's computer.

"The danger is that people may panic when they think their email address was found on a child abuse website, rush to open the attached file and become infected by a malicious Trojan horse," said Graham Cluley, senior technology consultant for Sophos. "The ASACP is an entirely innocent party in this attack, it is simply the organisation's name that is being spoofed by the hackers in their attempt to infect innocent computer users."

The ASACP, which has described the incident as a 'massive spoof email attack', has published a warning on its website, informing unfortunate recipients of the message that they may be at risk of infection.

Related links: (Open in a new window.)
www.sophos.com/pressoffice/news/articles/2006/08/trojan-agent-cpk.html
www.asacp.org/index.php

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe? Download a free sample copy!

Download the much quoted October Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

Subscribe Online
About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Security Management
The Importance of Adaptability
Steve Purser

From the Trenches
Reversing Perimeter Defences – a Case Study
Søren Maigaard

Security Architectures
The Self Defending Network: New Trends In ICT Security Infrastructures
Drs. Ing. René Pluis

Subscribe Online!