Security Market Segment LS
Sunday, 11 September 2005 09:15

Malware purveyors use Hurricane Katrina to infect PCs


IT seems that no depth is too low for the unproductive parasites that continue to poison the internet channel. A recently spammed email claiming to provide news about Hurricane Katrina actually hides the JS_PHEL.K malware.

The email also poses as a WORM_ZOTOB worm removal tool which actually drops a backdoor program on the unsuspecting victim's system. Network antivirus and internet content security provider, Trend Micro, says the link provided in the email points to what seems to be a regular website with news about the Hurricane Katrina disaster, with a link for a report on the ZOTOB worm on the right-hand side.

However, as soon as the victim views this website, the JS_PHEL.K  malware exploits the HTML Help ActiveX Control vulnerability (Microsoft Security Bulletin MS05-001) to secretly redirect the browser to another website to download the BKDR_ROBOBOT.AU backdoor program. In addition, the right side of the page contains information about the ZOTOB worm, including a link to a website with ZOTOB removal tools, which in actuality also contains the backdoor program BKDR_ROBOBOT.AU. Once activated, this malicious program will display a fake ZOTOB scan message, 'Zotob was not detected on this PC,' causing victims to erroneously believe this was a free antivirus scan.

The backdoor program removes certain antivirus and security applications from the infected computer, and randomly opens communication ports to connect with an Internet Relay Chat (IRC) server. This allows hackers to remotely access the computer, and connect it to websites to download more malwares.

Trend Micro pointed out that in the past malwares have also posed as emails delivering disaster news from CNN, making it hard for users to determine which emails are real and which are not. In addition, malwares often pose as virus removal programs after larger virus outbreaks. This was particularly prevalent after the ZOTOB outbreak.

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Stan Beer


Stan Beer co-founded iTWire in 2005. With 30 plus years of experience working in IT and Australian technology media, Beer has published articles in most of the IT publications that have mattered, including the AFR, The Australian, SMH, The Age, as well as a multitude of trade publications.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News