Security Watch

Keeping Track of patches and hacks in the IT security world.

Bogus E-Mail Delivers Keylogger by Luring Users with News of PM's Heart Attack

Websense Security Labs is reporting a Trojan packed into an e-mail that claims that Australia's Prime Minister has suffered a heart attack.

Websense says the Trojan monitors all of a user's activity online, keeping track of Web sites visited and keylogging "everything you do," according to Websense's e-mail alert of Feb. 19. The Trojan includes a special phishing module, Websense reports.

At the time of Websense's alert, more than 2,500 victims were known to be affected, including a slew of banks--not surprising, given that phishers are increasingly targeting big financial pay dirt. The affected banks are: Westpac (Australia) Kasikorn Bank (Thailand) Banco de Valencia (Spain) Commonwealth Bank (Australia) BBVA (Spain) Caja Madrid (Spain) Bank of America (USA) Unicaja (Spain) Wells Fargo (USA) Sparkasse (Germany) Deutsche Bank (Germany) Gad (Germany) Commerzbank (Germany) Postbank (Germany)

According to Websense, the Trojan installs a Web server on affected machines. The server allows an attacker to access the machine whenever it's online. Websense says attackers achieve this with a control panel that shows them a list of infected machines, including IP address, country, ports that can be exploited to access the machine using different protocols, and a link to Google maps that will pinpoint where the IP is located.

Websense's advice on how to detect the malware is, well, how to put this? It's an ad for Websense's Security PG product, which blocks access to fraudulent sites.

As far as how to avoid downloading the keylogger, Websense politely directs users to a tip sheet regarding how to avoid phishing, or what one could safely summarize as "Don't click on it, stupid."

*Note: This post was edited to reflect the correct day of Websense's alert.