Virus writers, forever in search of opportunities to distribute their malicious code, are exploiting interest in the avian flu by circulating an e-mail with an attachment that contains information about the bird flu epidemic — and a Trojan horse tucked inside.
“Using the bird flu is a very clever way of drawing attention and enticing those PC users less knowledgeable or concerned about security to open the attachment,” said Jeanine Rother, a virus researcher at the German subsidiary of Panda Software International SL, which is based in Bilbao, Spain. “Although users are constantly being told not to open attachments from unknown sources, some are likely to ignore these warnings because of their interest in the epidemic and potential threat to their own lives.”
Rother was unable to say how many computers have been so far infected with the Trojan horse, which the company detected in its virus lab. Panda Software has given the malware a low-risk rating in a message posted on its Web site.
The Naiva.A Trojan horse masquerades as a Word document with subject lines such as “Outbreak in North America” and “What is avian influenza (bird flu)?”
The Trojan horse uses two Word macros to run and install a second threat on the computer. The first macro enables the Trojan horse to modify, create and delete files. The second macro installs Ranky.FY on computers. Ranky.FY allows hackers to gain remote control of infected computers.
Panda Software urges users to set their macro security level at medium to receive a warning when a macro is run, or on high to stop macros from running altogether.
The Naiva-A Trojan comes on the heels of numerous spam e-mail distributions that promote the sale of Tamiflu, the drug believed to be most effective at protecting humans for the H5N1 strain of the bird flu virus.