Hackers and malware creators are capitalising on web users' fear of terrorism by sending fake emails claiming to contain security advice from police forces. The emails, which claim to include tips on staying safe, also carry a Trojan called Backdoor.Sockrat which can give hackers access to your computer.
So far, the malicious emails have been sent to companies in Bahrain, Turkey and Canada, and claim to come from the counter terrorism departments at national police forces, including Dubai Police Force. The emails contain a PDF and a .jar file.
The PDF is not harmful, but is included as a "decoy file", according to a blogpost written by Symantec, a computer security company. "The email comes with two attachments, one of which is a PDF file that is not actually malicious but acts as a decoy file," the post says. "The malware resides in the other attachment, an archive .jar file. Further analysis of the malware confirms that the cybercriminals behind this campaign are using a multi-platform remote access Trojan (Rat) called Jsocket (detected as Backdoor.Sockrat)."
When opened, the Trojan, as its name suggests, opens a back door that allows an attacker to download files onto infected computers. To make the emails seem legitimate, the criminals have included the names of people employed by the relevant police forces in the signature, along with the names of employees at the company being targeted.
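As an added illustration (not code from Symantec's post or from this article), the Python sketch below shows how a mail-gateway check could flag the attachment pattern described above: any attachment that is a Java archive is marked for quarantine, recognised by its content as well as by the .jar extension. The sample message, its file names and all function names are constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

PDF_STUB = b"%PDF-1.4\n%%EOF\n"  # constructed, harmless stand-in for the decoy

def build_sample(archive_name: str) -> bytes:
    """Constructed message shaped like the lure: a PDF plus a Java archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # harmless ZIP holding only a manifest
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    msg = EmailMessage()
    msg["Subject"] = "Security Tips"
    msg.set_content("See attached.")
    msg.add_attachment(PDF_STUB, maintype="application",
                       subtype="pdf", filename="tips.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=archive_name)
    return msg.as_bytes()

def is_java_archive(data: bytes) -> bool:
    """True if the bytes are a ZIP container that carries a JAR manifest."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.upper() == "META-INF/MANIFEST.MF" for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> dict:
    """Sort attachments into Java archives (by name or content) and the rest."""
    msg = message_from_bytes(raw, policy=policy.default)
    jars, others = [], []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".jar") or is_java_archive(data):
            jars.append(name)
        else:
            others.append(name)
    # A document sent alongside an executable archive matches the decoy layout.
    decoy = bool(jars) and any(n.lower().endswith(".pdf") for n in others)
    return {"quarantine": bool(jars), "java_archives": jars,
            "other": others, "decoy_pattern": decoy}

if __name__ == "__main__":
    print(triage(build_sample("tips.jar")))
    print(triage(build_sample("tips.dat")))  # renamed archive, caught by content
```

Checking content rather than the file name alone means a renamed archive is still caught.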
'Follow these protective measures'
The email reads: "We got a terror alert regarding your business area. Be advised to follow the protective measures (Security Tips) as attacked to keep yourself, your company and your family secured."
Organisations targeted with the malware have generally been based in the energy, defence, finance, government, marketing and IT industries. Security expert David Bisson suggests this indicates that the attackers spent time researching their victims.
Bisson said that people must be prepared for these emails and not fall for them by opening the attachments. "It is our responsibility to expect these types of ploys and prepare for them," he wrote in a blogpost. "When it comes to email security, suspicious attachments and links are better left untouched."
Believing email scams like this could spread to other countries, Symantec said: "With recent events such as those witnessed in Paris and Beirut, terrorist attacks have become a threat across the world, and terror groups have been known to make their presence felt online too. We may yet see more of these kinds of social engineering tactics preying on real-world fears."