Virus researchers at Sophos Inc., an anti-virus and anti-spam company based in Lynnfield, Mass., report that the new Crowt-A worm takes its subject lines, message content and attachment names from headlines gathered in real time from the CNN website.
Sophos analysts also note that Crowt-A's subject line and attachment share the same name, but continually change to mirror the front-page headline on the CNN news site. The message text is also lifted from CNN's site, tricking the recipient into thinking that they are reading a bona fide newsletter rather than receiving an infected email.
"Virus writers are always looking for new tricks to entice innocent computer users into running their malicious code," says Carole Theriault, security consultant at Sophos. "This latest ploy feeds on people's desire for the latest news. Many people subscribe to legitimate email news updates, but the message is simple -- businesses need to make sure their anti-virus detection is constantly updated and users need to be suspicious of all unsolicited email whether it's promising celebrity pictures or news updates."
The worm also acts as a Trojan, installing a backdoor. Using this backdoor, it logs keystrokes on the infected PCs and sends the information to a remote user.
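Because the headline text changes constantly, a fixed subject-line rule cannot match this worm, but the trait Sophos describes (subject line and attachment sharing one name) can be checked per message. The following is an added example, not Sophos code: a mail-triage heuristic whose function names, sample headline and `.dat` extension are constructed placeholders, and whose result is a signal for further inspection rather than a verdict.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage


def _norm(text):
    """Lower-case and reduce every run of non-alphanumerics to one space."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def subject_matches_attachment(raw_message):
    """Return the attachment filenames whose base name equals the Subject."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = _norm(str(msg.get("Subject", "")))
    if not subject:
        return []  # nothing to compare against
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        stem = name.rsplit(".", 1)[0]  # drop only the final extension
        if _norm(stem) == subject:
            hits.append(name)
    return hits


def build_sample(subject, filename):
    """Build a constructed test message with one small binary attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Constructed body text standing in for copied news copy.")
    m.add_attachment(b"\x00", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    samples = [
        ("Constructed headline text", "Constructed headline text.dat"),
        ("Constructed Headline: Text", "constructed_headline_text.dat"),
        ("Weekly digest", "figures.dat"),
    ]
    for subject, filename in samples:
        hits = subject_matches_attachment(build_sample(subject, filename))
        print(f"{subject!r}: {'flag ' + str(hits) if hits else 'no match'}")
```

Legitimate mail sometimes names an attachment after its subject too, so this check is best combined with attachment-type and sender checks before any message is quarantined.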