Two new pieces of malicious code appeared in the wild Friday -- one disguised as a message from Romanian security firm BitDefender; the other as a CNN news alert.
BitDefender CTO Bogdan Dumitru said in a statement that a virus called Sticy-A was spreading in an e-mail message with a spoofed "from" field [firstname.lastname@example.org], prompting users to download harmful executables from the "http://playb.........a.go.ro/" Web site. He said a virus definitions update has been issued, and the company that hosts the Web site in question has been contacted and asked to remove the offending site.
"We expect this to be the work of a bored Romanian student or somesuch," Dumitru said. "The whole set-up is amateurish in the extreme. Nevertheless, we have been receiving about 20 bounced e-mails per minute, so I suspect the virus is spreading at a steady pace."
He warned users not to follow the link or download the executables in question "under any circumstances whatsoever." He also recommended that they update their antivirus with the latest virus definitions and initiate a full scan of their computers "at their earliest convenience."
"The BitDefender support team does not, under any circumstances, send security warnings of any kind," he added.
Meanwhile, Lynnfield, Mass.-based antivirus firm Sophos has spotted a worm posing as a CNN news alert.
Crowt-A takes its subject lines, message content and attachment names from headlines gathered in real-time from the CNN Web site. It attempts to send itself by e-mail to addresses found on infected computers, the firm said.
"Its subject line and attachment share the same name, but continually change to mirror the front-page headline on the CNN news site," Sophos said. "The message text is also lifted from CNN's site, duping the recipient into thinking that they are reading a bona-fide newsletter rather than receiving an infected e-mail."
Crowt-A also installs a backdoor Trojan horse that tries to log keystrokes on infected PCs and send data back to a remote user. Attackers often use these Trojans to take control of PCs and to steal personal information like bank passwords, Sophos said.
"Virus writers are always looking for new tricks to entice innocent computer users into running their malicious code; this latest ploy feeds on people's desire for the latest news," Carole Theriault, a security consultant for Sophos, said in a statement. "Many people subscribe to legitimate e-mail news updates, but the message is simple -- businesses need to make sure their antivirus detection is constantly updated and users need to be suspicious of all unsolicited e-mail whether it's promising celebrity pictures or news updates."
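The trait Sophos describes for Crowt-A, a subject line and attachment that share the same name, is something a mail gateway can check for. The sketch below is an added example, not code from Sophos, BitDefender or the original article; the sample message, the function names and the list of risky extensions are constructed assumptions.

```python
import email
import re
from email import policy
from pathlib import PurePosixPath

# Constructed sample message (not a real capture); the headline is invented.
SAMPLE = """\
From: alerts@example.com
To: user@example.com
Subject: Storm closes airports
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Storm closes airports across the region.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Storm closes airports.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Assumption: extensions treated as risky. The article does not say
# which file type the Crowt-A attachment uses.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".zip"}

def _norm(text):
    """Lower-case and reduce punctuation/whitespace runs to single spaces."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def subject_matches_attachment(raw):
    """Return names of risky attachments whose stem equals the subject line."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = _norm(msg.get("Subject", ""))
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        path = PurePosixPath(name)
        if (subject and _norm(path.stem) == subject
                and path.suffix.lower() in RISKY_EXT):
            hits.append(name)
    return hits
```

A match is a reason to quarantine the message for review, not proof of infection; it complements up-to-date antivirus definitions rather than replacing them.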