Source:    Malaysian Computer Emergency Response Team

Monday, December 29 2003

Terrorist email spreads trojan virus in Malaysia

By Staff, CNETAsia

A new virus is spreading by email in Malaysia, combining threats of terrorist plans and a trojan horse virus.

Victims receive an email that claims to warn of five planned terrorist attacks, with the times and places leaked by an anonymous Malaysian government source. The email's subject line is "Urgent message to all citizens of Malaysia", and the email says it seeks to minimize the number of terrorist victims by spreading information about the attacks, reported the Star, a Malaysian daily.
Inside the email is an embedded link that purports to lead to a site with important information regarding the attacks. However, the Malaysian Computer Emergency Response Team (MyCERT) said that clicking on the link instead installs three malicious files that appear to be trojan horse virus files and adds a new key to the computer's registry. The virus then attempts to connect to three Internet hosts that it specifies. MyCERT's website said the virus was similar to the Backdoor.Tofger trojan horse reported in early December 2003.
MyCERT also said that the three Internet hosts the virus attempts to connect to could already have had their security compromised, reported the Star. MyCERT has already notified the three hosts' system administrators.
The MyCERT website has instructions on how to remove the virus.
Some viruses have used the lure of pornography to get victims to activate malicious attachments. The Malaysian virus combines current terrorist fears with a trojan horse virus, and may also bring more than one criminal law into play. The perpetrators would be liable for the virus itself, but under Malaysian law, including Malaysia's harsh Internal Security Act, they could also be held responsible for the crime of rumour-mongering.
Arrests and detentions for email rumour-mongering have occurred previously in Malaysia, said the Star. 10 people were arrested a year ago in December 2002 for allegedly spreading an email about planned bombings in Malaysia's capital, Kuala Lumpur, and four people were detained in 1998 for emails that claimed there had been religious riots in Kuala Lumpur. The penalties for spreading false reports or false statements that are likely to cause public alarm are a fine of up to US$263 and up to a year in jail.
The Star said that MyCERT officials had not yet confirmed whether the Malaysian police had been notified of the terrorist virus email.