Computer users who fall for the Bin Laden hoax may be hit by a Trojan horse experts at Sophos have warned computer users that a file posing as photographic evidence that Osama Bin Laden has killed himself is in fact infected by the Hackarmy Trojan horse.
Troj/Hackarmy-A is an IRC (Internet Relay Chat) backdoor Trojan that copies itself into the Windows system folder as win32server.scr or win32server.exe and sets the registry entry. The Trojan then logs on to a predefined IRC server and waits for backdoor commands.
Thousands of messages have been posted onto internet message boards and usenet newsgroups claiming that journalists from CNN found the Al Qaida terrorist leader’s hanged body earlier this week, but that the photographs have not been officially made public as the US government wants to verify its authenticity.
According to the British IT security vendor, the messages point to a website where a file can be downloaded, purporting to contain photographs. In reality the file contains a Trojan horse, which can allow hackers to gain remote control of unwitting computers.
A typical message reads as follows:
Osama Bin Ladin was found hanged by two CNN journalists early Wednesday evening. As evidence they took several photos, some of which I have included here. As yet, this information has not hit the headlines due to Bush wanting confirmation of his identity but the journalists have released some early photos over the internet.
“Hackers and virus writers will try all kinds of tricks to entice people into downloading their malicious code. It seems this time that the hacker has focused on the public’s morbid curiosity and appetite for news on the war against terror,” says Graham Cluley, senior technology consultant for Sophos.
Other anti-virus vendors such as Trend Micro, Symantec (Norton), Network Associates (McAfee), Grisoft (AVG) and Computer Associates were yet to issue similar security alerts at the time of going to press.
