Hackers have begun exploiting the hurricane disaster in the US, sending emails that pose as breaking news about the situation in order to trap people into clicking on links that take them to bogus websites.
The anti-virus company Sophos said the subject lines on such emails read: “Re: g8 Tropical storm flooded New Orleans”, “Re: g7 80 percent of our city underwater” and “Re: q1 Katrina killed as many as 80 people.”
Sophos senior technology consultant Graham Cluley said random characters were being deliberately added into subject lines in order to avoid detection by basic anti-spam filters. He said Windows users who followed web links in these emails would be taken to a website which masqueraded as a fuller version of the news story. The site would exploit vulnerabilities in Microsoft’s Internet Explorer browser to install malicious code such as the Cgab-A trojan, Cluley said.
The attack was designed to allow attacker to gain remote access to the victim’s computer.