That "Obama sex" video: details!

by Guy J Kewney | posted on 12 September 2008


Sophos is right to be proud of the protection it offers. Its customers (it remarks in today's briefing) "have been proactively protected against Mal/Hupig-D since April." And so they are spared the sight of the extraordinarily explicit image, shown right. Coo, look at the pixels on her!

The image is supposed to be a video of a senior American politician misbehaving. Really, it's a misdirection, a random set of rude moving pix, which distract you while a Trojan horse program downloads onto your computer. 

Sophos experts note that normally in these types of malware attacks, the Trojan horse is simply installed rather than the promised video being shown. In this case, however, users who click on the link in the emails download an executable file which does display a pornographic video (albeit one not starring Barack Obama) as it installs malicious code in the background. 

But does anybody really fall for this sort of thing these days? Yes, apparently... Graham Cluley, senior technology consultant at Sophos: "This is one of the oldest tricks in the book, but it's obviously still working or the cybercriminals wouldn't use it anymore."

That was yesterday. Today, Sophos is warning internet users not to be tricked by a widespread malicious spam campaign that claims you'll be disconnected from the internet as a result of your online activities.

Samples intercepted by SophosLabs carry the subject line ‘Your internet access is going to get suspended’ from the sender ‘ICS Monitoring Team’. The spam emails claim that the recipient has been conducting illegal activities online, which are said to be documented in a .zip file attached to the mails. Unsuspecting users who open the file, perhaps because they depend on their connection or are concerned over the recent spate of online piracy cases, risk infection from a malicious Trojan horse which will give hackers covert access to their PC.

"With a recent survey finding that nearly half of Britain’s web users suffer from net addiction, it was only a matter of time before spammers would deploy social engineering tactics to take advantage," said Graham Cluley.

"Recent piracy cases will also worry web users, especially those who may be using unsecured WiFi – they’ll want to open the attachment to make sure that someone else hasn’t been using their connection to download copyrighted movies or music. Unfortunately by then it’s too late, and they could have handed access to their computer and files to the hackers."

According to Sophos, the spammers have been using two malicious attachments in these emails, detected as Troj/Meredrop-A and Troj/Agent-HQK. Sophos customers are fully protected against these attacks. Sophos recommends all computer users ensure their anti-virus protection is up to date, and run a consolidated solution at the email gateway to defend against viruses and spam.

