Fake BBC site infects computers with keylogger trojan


Criminals are using real stories from the BBC news website in a ploy to infect computers via the latest flaw in Internet Explorer (IE).

Hackers are using the IE flaw to infect users and turn machines in zombie computers. An alert issued by researchers at Websense Security Labs warned users that attackers have begun sending spam in an attempt to attract users to infected websites.

These emails contain excerpts from actual BBC news stories and offer a link to "Read More." Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail.

This website exploits the unpatched createTextRange vulnerability in Internet Explorer and is currently being used to download and install a keylogger. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.