Malware RAT rides hoax tsunami to Australia

Crims pinch News logo and expose the great tsunami cover-up.

\ mage credit:

Criminals have bundled a backdoor trojan in a spammed fake report that claims Australia will be devastated by a tsunami this New Years Eve.

Using the News Limited digital title’s widely recognised brand, the hoax report claims experts at the Australian “agency of volcanology and seismology” predicted an earthquake “measuring 7 degrees” and a tsunami that would hit Australia at the year's end, causing 50,000 casualties.

A second “natural disaster agency” did not warn Australians of the impending disaster to “avoid panic” among citizens, the hoax claims.

The spam encourages recipients to click a “watch this” button to view a “leaked video” that supposedly confirms the agency's tsunami fears, which in fact installs a remote access tool (RAT) known as Arcom, according to an analysis by security vendor Trend Micro.

RATs offer their controllers the ability to remotely spy on or steal information from the target and this particular tool is offered to online crime groups for $2000, the vendor said.

The “watch now” button downloads a file that purports to be a audio-visual file (AVI), but is actually a backdoor that installs the RAT.

Queensland-based Brett Christensen posted a warning about the malware at the Hoax-Slayer blog last week and handed a sample to Trend Micro.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.



Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Identity & Security Management

Identity and Security Management

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.