BBC News
Last Updated: Friday, 31 March 2006, 10:23 GMT 11:23 UK
BBC used to entice cyber victims
The e-mails direct users to a fake BBC News website
People are being warned about spam e-mails containing BBC News stories designed to trick them into visiting malicious websites.

Cyber criminals are using the messages to exploit a recently discovered flaw in Microsoft's Internet Explorer.

If users click on the link, they are taken to a fake website that installs a piece of software that can monitor online financial activity.

People who receive the e-mails are advised not to follow the link.

The alert, from security firm Websense, comes less than a week after security firms found three flaws in the popular browser.

Spoof sites

The new threat takes advantage of one of these vulnerabilities.

The fake e-mails entice readers with excerpts from current BBC news stories and include a link to "Read More".

When the user clicks on the link they are directed to a spoofed BBC news website that installs a piece of software known as a keylogger.

"The keylogger monitors activity on various financial websites and uploads captured information back to the attacker," said the Websense alert.

Other websites known to exploit the bug can install spyware and Trojan horses on unprotected computers.

Using global brands like the BBC to lure people to malicious websites is common practice, according to Mark Murtagh, technical director of Websense.

"We saw a similar approach last year after Hurricane Katrina with e-mails sending requests for help purportedly from the Red Cross," he told the BBC News website. "We are also already seeing the World Cup brand being used in the same way".

Taking down sites

This is not the first time the BBC's name has been used by malicious hackers.

"We have had people creating spoof pages of our site before," said Steve Herrmann, editor of the BBC News website.

"But using them in this way to attack people's online security is particularly troubling to us and a cause for serious concern."

Security firms say hundreds of web links are trying to catch people out using the loophole.

On Microsoft's security blog, the company said it had been very active in working with law enforcement to take down malicious websites.

Microsoft said it would produce patches for the vulnerabilities in its next security update due on 11 April.

However, these could be released earlier if the threat grows significantly. For now, two firms, eEye Digital Security and Determina, have separately produced software patches that close this loophole.
