July 23, 2004 11:35 AM PDT
Virus writer purports to show bin Laden's death
- Related Stories
'Atak' worm variant linked to al-Qaida sympathizerJuly 16, 2004
Scotland Yard and the case of the rent-a-zombiesJuly 7, 2004
Adware ploy dupes IMers with bin Laden 'news'February 11, 2004
Bin Laden tape draws Net viewersDecember 13, 2001
The message, which has been posted on several Internet newsgroups, claims to contain pictures taken by CNN journalists of bin Laden committing suicide. But once the supposed picture file is opened, it installs a Trojan horse that effectively recruits the infected machine into the author's army of "zombie" PCs--already-infected machines that can be controlled surreptitiously from afar. The zombified computers can then be used to distribute spam or launch denial-of-service attacks.
Hackers and virus writers are trying different tricks to try to get people to download their malicious code, said Graham Cluley, senior technology consultant for Sophos.
"It seems this time, the hacker has focused on the public's morbid curiosity and appetite for news on the war against terror," he said.
Terrorism has been a popular theme among virus writers recently. Last week, a variant of the Atak worm was linked with an al-Qaida sympathizer who allegedly threatened to release an "uber worm" if the United States attacked Iraq.
Richard Starnes, president of security industry group ISSA UK, said the warning from Sophos should help spur computer users to "install preventative measures" before the Trojan horse becomes widespread.
Virus writers try to get e-mail users' attention and persuade them to open attachments or click on links, even if they have been told not to, Starnes said.
Antivirus and antispam companies have updated their software to detect the Trojan horse, according to Starnes, so people need to make sure that they have the most recent version of their software.
"It depends on how long (it takes for) antivirus and antispam companies (to) respond by releasing new signatures, and how quickly the customers respond by downloading and installing them," he said.
Munir Kotadia of ZDNet UK reported from London.