Computer Crime Research Center

Kaspersky scores virus alert own goal
(by Robert Lemos)

An email virus alert sent by Russian antivirus company Kaspersky Labs was tainted with the worm the company was warning its subscribers against

A Russian antivirus company apologised on Friday for an emailed virus alert that was infected with the very worm the message was supposedly designed to warn against.

Kaspersky Labs said the message, sent Thursday to subscribers of the company's "Virus News" email dispatch, had actually been sent by hackers masquerading as the company. The hackers had managed to break into Moscow-based Kaspersky's computer system and steal the mailing list for the newsletter, the company said.

"We are conducting an investigation to reveal the sources of this attack and are taking the necessary ensure that this type of attack will never succeed in the future," Eugene Kaspersky, founder and head of research for the company, said in an advisory about the email.

To date, the company hasn't heard of any infections resulting from the tainted message, but it has offered free technical services to anyone who does fall prey to the viral prank.

The infected message, sent to some thousands of subscribers, carried a copy of the recently discovered Braid worm.

Braid, also known by Kaspersky Labs as Bridex, hasn't spread very widely. UK-based email service provider MessageLabs intercepts such hostile attachments for its client companies and has seen only a little more than 2,000 copies of the virus in the last 24 hours. That places the malicious program at No. 5 on MessageLab's daily Top 10 list; the Klez virus leads the pack with over 9,000 infected emails intercepted by the company in the last 24 hours.

A variant of the Fun Love virus, Braid is written in Visual Basic Script and has its own email engine. That means it can spread itself even if a victim's computer doesn't have an email client such as Outlook installed. The virus infects computers running on Windows, makes several copies of itself on the hard drive, searches for email addresses in a variety of files and then sends itself out to those addresses.

But Thursday's mass mailing of the virus wasn't the result of an infection, said Denis Zenkin, director of marketing for Kaspersky Labs. It was a deliberate act by online vandals.

"Some hackers got into our Web server and got the addresses of our subscribers," Zenkin said, "and these hackers sent a message with the Bridex worm to all of the subscribers."

Zenkin said he doesn't know how the hackers infiltrated the Web server, which ran the Unix variant FreeBSD and the mail program Postfix.

However, he did say such attacks are no longer a rare occurrence, especially in Russia.

"We get dozens and dozens of attacks every day," Zenkin said, trying to put a positive face on the whole incident.

"This case shows that Kaspersky Labs is growing and becoming more and more famous and attracts more attentions from the hackers," Zenkin said.


Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907