Police report lodged over hoax terror e-mail
By RASLAN SHARIF
31st December 2003 (The Star)

PETALING JAYA: The Malaysian Computer Emergency Response Team (MyCERT) said it has alerted the police to a hoax e-mail apparently originating from Germany, warning of terrorist attacks in Malaysia.

The e-mail also preys on gullible e-mail users by telling recipients to click on a link to a website that supposedly provides more information on the attacks, but secretly downloads malicious files into their computers instead.

A MyCERT official told In.Tech it reported the hoax e-mail to the Royal Malaysian Police Cybercrime Division in Bukit Aman last Friday.

"We've come across e-mail and websites embedded with malicious codes (before), (but) this is the first time we've seen (hoax) e-mail that involves the Malaysian Government, terrorism and the citizens of Malaysia," he added.

The official also said an analysis of the e-mail's header showed the message originated from Germany.

"We have alerted the relevant administrators there," he added.

Raja Azrina Raja Othman, deputy director of the National ICT Security and Emergency Response Centre (Niser), told In.Tech the organisation, of which MyCERT is a part, normally works closely with law enforcement agencies and other relevant parties in cases that warrant further investigation and threaten national security.

"This looks like a classic hoax -- the fact that the person lures the reader to a website gives it away," she added.

MyCERT was first made aware of the e-mail by an In.Tech reader who received it on Dec 20. The reader forwarded a copy of the e-mail to both In.Tech and MyCERT on the same day.

According to the official, MyCERT received a second report from another local Internet user on the morning of Dec 23.

MyCERT received four more reports later in the afternoon, after putting out an alert on its mailing lists to find out whether anyone else had received the hoax e-mail.

The malicious files downloaded into the computers of Internet users who fall victim to the hoax are of the type known as trojans.

"Our analysis shows that once it has infected a particular computer, the trojan attempts to connect to three hosts -- two located in Russia and one in China, via the SMTP port, Port 2990 and the HTTP port," said the official.

He added that no other payload or destructive effects were detected.

MyCERT has alerted the administrators of the three hosts, which may have been compromised and used for malicious activities.

An alert on the hoax e-mail and steps on how to remove the trojan from an infected computer have been put up at http://www.mycert.org.my/advisory/MA-061.122003.html.