• United States



by Liam Tung

Malware RAT rides hoax tsunami to Australia

Nov 26, 20122 mins
Data and Information SecurityMalware

mage credit:

Criminals have bundled a backdoor trojan in a spammed fake report that claims Australia will be devastated by a tsunami this New Years Eve.

Using the News Limited digital title’s widely recognised brand, the hoax report claims experts at the Australian “agency of volcanology and seismology” predicted an earthquake “measuring 7 degrees” and a tsunami that would hit Australia at the year’s end, causing 50,000 casualties.

A second “natural disaster agency” did not warn Australians of the impending disaster to “avoid panic” among citizens, the hoax claims.

The spam encourages recipients to click a “watch this” button to view a “leaked video” that supposedly confirms the agency’s tsunami fears, which in fact installs a remote access tool (RAT) known as Arcom, according to an analysis by security vendor Trend Micro.

RATs offer their controllers the ability to remotely spy on or steal information from the target and this particular tool is offered to online crime groups for $2000, the vendor said.

The “watch now” button downloads a file that purports to be a audio-visual file (AVI), but is actually a backdoor that installs the RAT.

Queensland-based Brett Christensen posted a warning about the malware at the Hoax-Slayer blog last week and handed a sample to Trend Micro.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.