We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Hackers infect PCs with Virginia Tech email

Malicious screensaver collects bank details

A spam email claiming to contain a link to footage of the Virginia Tech shootings is infecting computers with malicious Trojan software that collects bank details, security experts are warning.

"While the video made by gunman Cho Seung-Hui prior to the killing of 33 people on Monday was widely posted on news websites and YouTube.com, spam emails were intercepted on Wednesday night purporting to link to the footage on a Brazilian site," said Graham Cluley, senior technology consultant at security vendor Sophos.

Clicking the link caused a computer to automatically download a malicious screensaver, called TERROR_EM_VIRGINIA.scr by Sophos, which installs a Trojan program that collects banking details.

"It's unclear yet what banks the Trojan is engineered to exploit," Cluley said. Sophos has posted a screenshot of the spam.

The emails are unlikely to mean much to English speakers since they're written in Portuguese. But hackers have repeatedly used breaking news events to trick users into opening malicious programs.

"We might see other hackers jump on the coat-tails of this," Cluley said.

In the aftermath of emergencies and disasters, fraudulent websites frequently emerge, often claiming to collect charity money. So far, more than 450 questionable-looking domain names related to the Virginia Tech shooting have been registered, according to Johannes Ullrich, chief technical officer at the Sans Internet Storm Center web security monitor.

The registrations have occurred at a faster pace than after Hurricane Katrina struck New Orleans in August 2005, Ullrich wrote on Monday.

Sans has posted a list of suspicious domains and their status. Virginia Tech has has set up an official site with information on a memorial fund.

The US Computer Emergency Response Team warned on Tuesday that it's likely some of those domains could turn into phishing sites.

Earlier in the week, eBay cancelled auctions trying to sell domains related to the Virginia Tech shootings, with one listed at $49,930 (£25,000).

IDG UK Sites

Samsung Galaxy S6 review: Hands-on with the new Samsung Galaxy. Samsung's flagship is more iPhone-lr......

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Ractive powers The Guardian's interactive infographics – and lets novice coders build complex...

IDG UK Sites

What does that mean? A jargon-buster dictionary of tech terms for Apple fans