New malware causing havoc in Australia

The Northern Territory is the focus of a new e-mail causing havoc throughout Australia. According to Sophos, Australian organizations need to be aware of malicious spam circulating in Australia which pretends to be from the Bill and Melinda Gates Foundation.

Sophos Asia-Pacific head of technology, Paul Ducklin, said the news quoted in the spam is real, current, and topical.

It has the subject line ‘Life for Life’ and leads with the recent news that the Northern Territory Library has received the 2007 Access to Learning Award from the Bill and Melinda Gates Foundation.

This is true. However, Ducklin said the link inviting you to read more about the award takes you off to an infected Web site in Korea.

Sophos detects the malware downloaded from Korea as Mal/ObfJS-H. ObfJS, which stands for “obfuscated JavaScript”, is the second most prevalent Web-borne malware in Sophos’s latest monthly roundup of online nasties.

This JavaScript page unscrambles itself to create a Web page which Sophos detects as Mal/JSShell-B, which in turn tries to exploit a Windows XML vulnerability (patched in 2006) to download a malicious Windows program hidden on the same compromised server in Korea. Sophos blocks this file as Mal/Basine-C.

Ducklin said SophosLabs analyses millions of spam messages, and uncovers more than 30,000 new infected Web pages, every day.

“Many of these make little attempt to hide what they are, coming straight out and offering you porn, or pills, or other dubious products. In this case, however, the spammers have cynically exploited the likely Australian interest in the Northern Territory Library’s success story.”

Ducklin advises users to remain vigilant when reacting to what look like innocent news releases. In this case, the e-mail claims to come from the genuine Internet domain “gatesfoundation.org,” yet the news stories link to a completely different site.

Sophos also advises businesses to aim for defense in depth through a consolidated solution. Scanning incoming e-mail provides a chance to block the initial inbound spam while filtering Web traffic provides a second chance to block access to any malicious links, and a third chance to identify any malicious content coming back from links which aren’t known yet.
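The mismatch Ducklin describes, a message claiming one sender domain while its links point somewhere else, is something an inbound e-mail scanner can test for. The following is an added example, not code from Sophos or from the original article; the sample message and the host `compromised-host.example` are constructed, and the domain comparison is a plain suffix match rather than a public-suffix-aware one.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class HrefCollector(HTMLParser):
    """Collect the href value of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def mismatched_links(raw_message):
    """Return link hosts that fall outside the domain claimed in From:."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    collector = HrefCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            collector.feed(body.decode(charset, "replace"))
    flagged = []
    for href in collector.hrefs:
        try:
            host = urlsplit(href).hostname
        except ValueError:      # malformed URL: nothing to compare
            continue
        if host and host not in flagged:
            if not sender_domain or not in_domain(host, sender_domain):
                flagged.append(host)
    return flagged

# Constructed sample modelled on the article's description, not the real spam.
SAMPLE = (
    'From: "Bill and Melinda Gates Foundation" <news@gatesfoundation.org>\n'
    "Subject: Life for Life\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>Award news: <a href="http://www.gatesfoundation.org/">home</a> '
    '<a href="http://compromised-host.example/award.html">read more</a></p>\n'
)
print(mismatched_links(SAMPLE))
```

A clean result here only means the links agree with the claimed sender; the From header itself is not verified by this check.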
