Application security

Trojan spreads through Putin death spam

A new spam campaign posing as a breaking news report about the death of Russian President Vladimir Putin is actually an attempt by hackers to infect computer users with a trojan.

The spammed emails have the subject line "ATTENTION!!! President of Russia has dead" and a link to more information on the subject.

Embedded in this spam is a hidden script that exploits the ADODB.Stream vulnerability in Microsoft Internet Explorer to secretly download the malicious Dloadr-ZP trojan from a Russian website. The trojan is designed to download more malicious code that allows hackers to gain access to the victim's computer.

The emails also contain a link to a fake BBC News report, users instead get directed to another Russian website purporting to be the home of a construction firm which provides heating systems for apartments and advertising training seminars.

Graham Cluley, senior technology consultant for Sophos, said the spam is trying to discredit the Russian firm and called it a "joe job."

"Users may think that the spam was purely an attempt to drive traffic to the construction company's products and seminars, whereas in fact hackers are also using the opportunity to try and infect unprotected PCs," said Cluley. "Hackers have used bogus breaking news stories in the past to encourage people to open emails, and they're likely to do so again."

Cluley said "joe job" is a spam campaign forged to appear as though it came from an innocent party, with the intention of incriminating or pinning blame onto them.

"In this case, users wanting to read the news report may think that the emails came from the Russian website that sells seminars and heating systems. In truth, they came from a zombie network of compromised computers around the world, being exploited by the hackers. If users aren't careful they could find their PCs part of the zombie network as well," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.