Internet bandits exploit Middle East themes in Ramadan attacks

Throughout September, criminals deploying malicious software - commonly known as malware - set a number of traps for the unwary cloaked in themes that appeal to regional audiences.

Locally targeted examples of these problems include "WORM_SOHANAD.DJ", which comes wrapped in the promise users of Yahoo Messenger exclusive images from the war in Iraq. Instead of receiving the pictures, a computer worm is downloaded direct to the victim's computer, freeing it to cause subsequent damage to networks and systems.

In another move designed to target regional users, the website of the Syrian embassy in London, England was hacked into. Rogue components called IFRAME TAGS were added to its source code of the official site. In turn, web browsers were directed towards a malicious script, capable of downloading a Trojan, allowing the culprits to infiltrate targeted networks and machines.

"All of these potential problems can make a global impact," said Samir Kirouani, Technical Manager, Trend Micro Middle East and Africa. "UK applicants for Syrian visas could be snared in the same trap as Syrians wishing to visit London. What is needed is awareness in the region of how these hi-tech scams can be delivered."

Many of the basic malware functions are well-known to internet-savvy technology enthusiasts and professionals. What disturbs local experts is the ever-changing presentation of these familiar techniques so as to be fine-tuned to the interests of local audiences.

"For instance, the NUWAR worm has been around for some time, but was last month repackaged as an application for use by fans of NFL American football. As this sport has a limited following in this region, we received reports of the same toxic software being hidden inside an online greetings card," added Kirouani.

The team at Trend Micro Middle East are confident that the recent launch of a number of Trend Micro security products provides a bulwark against the changing web threat landscape. Simultaneously, they wish to encourage an expansion of awareness and precaution within the region's population that keeps pace with the explosive growth of local IT use.

These latest attacks follow on from events in August, when it was revealed that unscrupulous individuals were directing charitable donors, seeking to provide disaster relief, towards bogus websites. Once visitors arrived at a compromised or fraudulent internet address, it became possible to harvest personal details and passwords or surreptitiously take control of an individual computer.