Surprise! Malware makers exploit Hurricane Katrina
1 September, 2005
by Mark Cox

SophosLabs, security software vendor Sophos' global network
of virus, spyware and spam analysis centers, is warning of
a widespread spam campaign that poses as a breaking news report
about the Hurricane Katrina disaster. The campaign lures innocent
computer users into visiting a bogus website where their PCs
may be infected with malware.

Disguised as a breaking news report, the malicious emails'
subject lines include, but are not limited to, the following:

Re: g8 Tropical storm flooded New Orleans.
Re: g7 80 percent of our city underwater.
Re: q1 Katrina killed as many as 80 people.

Sophos experts believe that the people behind the email attack
are deliberately adding random characters into the subject
lines in an attempt to avoid detection by rudimentary anti-spam
filters.

The body of the emails can vary, but all relate to the disaster
hitting New Orleans and elsewhere across the coastal communities
in Louisiana and Mississippi.

"Receiving or reading the emails themselves does not
mean you are infected," said Gregg Mastoras, senior security
analyst for Sophos. "However, if users click on the link
contained inside the email, they will be taken to a malicious
Website that will try and infect their computer. Once infected,
the computer is under the control of remote criminal hackers
who can use it to spy, steal or cause disruption."

Windows users who follow the Web link visit a Website that
pretends to be a fuller version of the news story, but exploits
vulnerabilities in Microsoft's Internet Explorer software
to install a variety of malicious code such as the Cgab-A
Trojan horse. The malicious attack is designed to allow remote
hackers to gain unauthorized access to the victim's computer.

"Similar to the tsunami tragedy, this hurricane is another
dreadful natural disaster that these ruthless hackers are
exploiting in order to break into computers for spamming,
extortion and theft," continued Mastoras. "It is
now as important as ever that users have the appropriate defenses
in place to properly protect against the very latest malware
attacks."