The US Red Cross has warned of a credit card-stealing Trojan horse
sent via e-mail that looks like it comes from the disaster-relief
organisation.
The Red Cross said it had been notified of the computer virus,
dubbed Septer.Trojan, on 17 October by Symantec.
However, Symantec has classified the threat risk from the virus as
low because the e-mail must be sent manually.
Vincent Weafer, senior director at Symantec, said he knew of no one
who had fallen for the ruse. He also confirmed that Symantec had
identified the Web site where the phony donation form is located.
"I suspect it's not very widespread," Weafer said. The Trojan
cannot self-replicate, and recipients must be specifically targeted
by the virus writer.
The virus comes in the form of an executable file attached to an
e-mail message. If the user clicks on the file, they are presented
with a donation request form to fill out. The e-mail appears to
come from the Red Cross, United Way and the September 11 Fund. Once
the form is complete, the user's personal information is saved and
uploaded to a Web site not connected to any of the organisations
concerned.
Symantec said the Trojan virus does not let users close the
displayed form without filling in the requested information. But
the form can be closed by holding down the Ctrl+Alt+Del keys, then
selecting "end task". If the form has not been filled in, no
information will be sent to the virus creator.
The file size of the virus attachment is 518,144KBytes. If the
recipient views it in Microsoft's Outlook e-mail program, the
attachment will display a World Wide Web icon.
Although the Red Cross is not currently soliciting donations
via e-mail, the organisation said it had sent out an e-mail message
to previous donors on 14 September. This message contained a link
to an official, secure online donation site.
In addition, the organisation said that when its nationwide
chapters and business partners send out fundraising e-mail
messages, the donor is directed to the American Red Cross's
official Web site, the Web site of one of its chapters, or to the
site of one of its online partners.
The Red Cross has advised people who receive the fraudulent e-mail
to delete it.