Wednesday, August 20, 2008

Hackers too playing games at Olympics

Use Mails With Olympics-Related Subject Lines To Trap Surfers & Steal Personal Data

OLYMPIC buffs, beware! Internet hackers are trying their best to steal data from your system and corrupt it. Hackers send mails related to Olympic events with interesting subject lines and then trap surfers in their net. Internet users in India have been found more vulnerable as people are overenthusiastic over the prospect of getting two individual medals for the first time in the history of the games.

Hackers are sending mails with “.doc” attachment. The attachment carries the trojan which can corrupt the user’s system. Another spam message on ‘breaking news” is being circulated widely. These spam e-mails come with the subject line of current affairs and change with daily current news items, which takes the user to malicious websites hosting malicious files such as “adobe_flash.exe ”. Some of the malicious files have been detected as Nuwar Worm, according information available with the department of information technology (DIT).

Internet security agencies have warned users about a MS Word vulnerability affecting Microsoft Word 2000, 2002, and 2003. It is said to affect even patched versions of the popular word-processing application on certain MS Office versions.

“When exploited, the unspecified remote code-execution vulnerability could allow remote attackers to take complete control of an affected system, or cause the application to crash,” Trend Micro country manager for India & SAARC Niraj Kaushik said. Trend Micro, a software security major, had also issued warnings against the malaware.

The malicious files are using the Olympics to get more users to click on them. The samples are detected as TROJ_MDROPPER.ZT. These files are zero-day exploits under vulnerability summary CVE-2008-2244 under the Common Vulnerabilities & Exposures (CVE) list of the National Cyber Security Division of the US Department of Homeland Security.

Internet frauds have, off late, been banking upon sentimental and popular stories to hook users. Recent fraud incidents included fraud mails being sent in the names of NGOs for helping victims of cyclone Nargis, impending problem of Tibet and China and controversies relating to the hosting of the Olympic games. Now, it would be wiser to stay clear of unknown e-mails claiming another Olympic medal for India even as offline, the boxers sweat it out in the ring to try their luck at bagging gold.

Niranjan Bharati NEW DELHI

No comments: