Terrorist threats hide virus

A new virus is spreading by email in Malaysia, combining threats of terrorist plans and a Trojan horse virus.

Victims receive an email that claims to warn of five planned terrorist attacks, with the times and places leaked by an anonymous Malaysian government source. The email's subject line is "Urgent message to all citizens of Malaysia", and the email says it seeks to minimise the number of terrorist victims by spreading the terrorist attacks information, reported the Star, a Malaysian daily.

Inside the email is an embedded link that purports to link to a site with important information regarding the attacks. However, the Malaysian Computer Emergency Response Team (myCERT) said that clicking on the link instead installs three malicious files that appear to be Trojan horse virus files and adds a new key to the computer registery. Then the virus attempts to connect to three internet hosts set by the virus. MyCERT's website said the virus was similar to the Backdoor.Tofger Trojan horse reported in early December 2003.

MyCERT also said that the three internet hosts to which the virus attempts to connect could have had their security compromised already, reported the Star. MyCERT has already notified the three hosts' system administrators.

The MyCERT website has instructions on how to remove the virus.

Some viruses have used the lure of pornography to get victims to activate malicious attachments. The Malaysian virus combines current terrorist fears with the Trojan horse virus, and may also combine criminal laws. The perpetrators would be liable for the virus itself, but under Malaysian law, including Malaysia's harsh Internal Security Act, could also be held responsible for the crime of rumour-mongering.

Arrests and detentions under email rumour-mongering have occurred previously in Malaysia, said the Star. 10 people were arrested a year ago in December 2002 for allegedly spreading an email about planned bombings in Malaysia's capital, Kuala Lumpur, and four people were detained in 1998 for emails that claimed there had been religious riots in Kuala Lumpur. The penalties for spreading false reports or false statements that are likely to cause public alarm are a fine of up to $263 (£148) and up to a year's jail.

The Star said that MyCERT officials had not yet confirmed whether the Malaysian police had been notified of the terrorist virus email.