Earlier this morning SophosLabs noticed a new scam designed to fool users into viewing a web site where they would be hit with a malicious script that installs a spy Trojan. We saw several spam messages alerting users to the supposed shooting of the e-Gold founder, for example:
The Trojan is detected by runtime HIPS protection as HIPS/FileMod-005:
Specific detection for the Trojan and the files it installs has been added as Troj/Agent-GUJ.
This is yet another example of attackers using a blend of spam and malicious web sites to infect victims. Such cases provide perfect illustrations of the need for quality security solutions, encompassing anti-spam, web content inspection, URL filtering and runtime protection technologies in addition to ‘plain old’ file scanning.