Hackers pounce on Howard 'heart attack e-mail'

Update: Hackers may have captured the login details of around 750 Australian banking customers by circulating a trojan e-mail claiming the prime minister has suffered a heart attack, according to a security company.

Titled "John Howard, the current Prime Minister of Australia has survived a heart attack", the e-mail claims Howard suffered the heart attack while at Kirribilli House and is fighting for his life in hospital.

The e-mail then provides a link purporting to be an online news report. Users who click the link, however, are directed to a standard "404 error" page which downloads a trojan to their computer.

Joel Camissar, country manager for Websense, which has been tracking the scam, said the trojan monitored infected users' Internet activity. This included logging keystrokes, he said.

Websense has identified one of the servers used in the hacking attempts and is recording compromised IP addresses, as well as other data stored by the server. Hackers often did little to secure their own computers, said Camissar.

Of 2,500 users around the world infected by the trojan, around 30 percent, or 750 people, were from Australia, he said.

This data could include banking login details.

Websense claimed customers of the Commonwealth and Westpac banks may have had their account details captured.

However, both banks have denied the trojan had infected their systems. Westpac's systems had not been compromised by the trojan and the bank was unaware of any fraud losses as a result, according to a spokesperson.

A Commonwealth Bank spokesperson said its Web site had not been infected with the trojan. However, the Web site was not the issue, according to Camissar.

"The Commonwealth Bank Web site hasn't been compromised," Camissar said.

"But the trojan horse monitors user sites visited and sends back the [bank site] username and password to the server computer," he said.

The scam was not limited to Australia, according to Websense. Customers of banks across Europe and the US may also have had their passwords captured.

Websense was working with law enforcement authorities to find the scammers, he said.


Talkback 5 comments

    Malware | Anonymous -- 21/02/07

    Very scary worm. I hope people take advantage of services like anonymizer.com to avoid malware like this in the future. Too vulnerable without it.

    Howard Heart Attack Email | Anonymous -- 21/02/07

    What I want to know, is what people can do if their PCs may be infected!

    The real story | Damon Hastings -- 21/02/07

    Okay, the real story here is that it's possible to be infected by a trojan merely by visiting a web page. This article focuses on a single exploit of that vulnerability, and thus the article is nearly irrelevant. The vulnerability is what matters. If it isn't patched soon, you could see millions of infections from more creative exploits in the very near future. If any hacker is able to smuggle the trojan onto even a single major website, he could net millions of victims.

    Does anyone know what browser(s) are affected? Is it just Internet Explorer 6? IE7? How long has Microsoft known about this vulnerability, and when will they fix it? I can't find any useful articles on the net -- they're all just clones of this one.

    The real story | Anonymous -- 21/02/07 (in reply to #320075046)

    The real story is that there are a lot of gullible or unaware people out there. If you visit the sites in question, a message such as the following is displayed:

    502 Service Temporarily Overloaded

    Server congestion: too many connections: high traffic.

    Keep trying until the page loads. This can be a common occurrence at peak news times.

    Also try to shutdown your firewall and antivirus software.

    The last sentence should make some pennies drop, but apparently not for 750 people....

    i totally agree | Anonymous -- 22/02/07 (in reply to #320075046)

    My mother clicked the link on her computer and I would like to know what the actual malware is??? I know that it is a trojan / keylogger (says in every article I have read) ... but what is it and who is doing what to fix it??? There is nothing posted anywhere that can help... just the same information on every media page... if it's such a big thing then why aren't we being told what is being done about it???
