By TechWeb Technology News
A new worm uses breaking news -- and a devious technique to keep itself up-to-date -- to dupe recipients into opening attachments, an anti-virus firm said Friday.
U.K.-based security vendor Sophos said that the Crowt.a worm grabs its subject lines, message content, and attachment names from headlines culled in real-time from CNN's Web site. The worm's subject and attachment filename constantly change to mirror the top headline on CNN.com, while the e-mail message's text is also hijacked from CNN.
The idea is to fool recipients into thinking that they're reading a legitimate newsletter or news brief rather than looking at payload-carrying message about to infect their PC.
Crowt.a also slips in a backdoor component that tries to record keystrokes and send the stolen info to the hacker, an element of many worms that are meant not only to give the attacker later access to the infected computer, but also lets them walk off with valuable passwords or bank account information.
"This latest ploy feeds on people's desire for the latest news," said Carole Theriault, a security consultant at Sophos, in a statement. "Many people subscribe to legitimate email news updates...virus writers are always looking for new tricks to entice users into running their malicious code."
Try TechWeb's RSS Feed!UCLA seeking Programmer/Analyst IV in Los Angeles, CA
Transportation Security Administration seeking CIO in Arlington, VA
Comcast seeking Tier 4 CRAN Network Engineer in Chelmsford, MA
SMDC Health System seeking Applications System Analyst 3 in Duluth, MN
ISES, Inc. seeking Techncial Support in Bridgewater, NJ
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
