Virus masquerades as terror alert
By RASLAN SHARIF
26th December 2003 (The Star)

PETALING JAYA: A computer virus that preys on people's fear of terrorism has been making its rounds amongst Malaysian surfers.

The deceptive e-mail terror alert activates malicious code known as a trojan. A reader, who wanted to be known only as "1234 Malaysian," alerted In.Tech of the e-mail after he received it on Dec 20.

He also forwarded a copy to the Malaysian Computer Emergency Response Team (MyCERT).

Bearing an "urgent message for all Malaysians" and purportedly from an anonymous source within the Government, the e-mail claims the Government has knowledge of "at least 5 planned acts of terrorism, and provisional places and time(s) of carrying out (the acts)."

It adds the so-called source leaked the information "to minimise the quantity of victims."

The e-mail then urges those who "think of the future of the relatives (sic)" to click on an embedded link that supposedly takes them to a website providing information "which probably will rescue your life."

Click-happy recipients eager to save themselves and their families would find no such thing.

According to the Malaysian Computer Emergency Response Team (MyCERT), clicking on the link would activate a program that inserts three files -- malicious code of the type known as trojans -- into the e -mail recipient's computer, and adds a new key to the computer's registery.

The code then attempts to connect to three specific Internet hosts via the infected computer.

MyCERT said the hosts could have been readily compromised to be used as launching pads for other malicious activities.

It said it had notified the system administrators of the hosts concerned.

According to MyCERT, the trojan is similar to the Backdoor.Tofger trojan discovered on Dec 2.

Instructions on how to remove it can be found on MyCERT's website (www.mycert.org.my).

Double whammy

Besides being an attempt at illegally comprising computers, the e-mail might be breaking laws on national security.

While the terrorism-based content of the e-mail was clearly targeted at getting as many people as possible to forward it to others, Malaysia has several laws -- including the Internal Security Act (ISA) -- that prohibit rumour-mongering.

In August 1998, four people were detained under the ISA for circulating e-mail claiming religious riots had broken out in Kuala Lumpur.

In December 2002, police arrested a total of 10 people under the ISA for allegedly circulating e-mail of planned bombings in the city.

Section 28 of the ISA states "any person who, by word of mouth or in writing or in any newspaper, periodical, book, circular or other printed publication or by any other means, spreads false reports or makes false statements likely to cause public alarm, shall be guilty of an offence."

Those found guilty are liable to a fine not exceeding RM1,000 or to imprisonment for a term not exceeding one year, or both.

Officials at MyCERT were unavailable for comment on whether police have been alerted of the new "terror" e-mail.