Government Gateway attack attempts to spread malware, with a little help from a body builder

If you live in the UK, chances are that you may find yourself using the Government Gateway website.

The Government Gateway website, which resides at www.gateway.gov.uk, is the central portal that British citizens can use for any number of government services.

Whether you’re filing your self assessment tax return, replacing your driving license, or allocating ear tags for sheep and goats (yes, really…), the Government Gateway is the natural port of call for internet-savvy Brits.

Because of this, of course, users who receive an email from the Government Gateway tend to pay attention to it, and may feel duty bound to do what it says – certainly more so than an email coming from, say, an online bank where they don’t even have an account.

Online criminals have been known to take advantage of this, of course, and in recent days have launched a malicious spam campaign that has adopted the disguise of an official UK government communication.

Part of the email, which is illustrated with official UK Government logos, reads as follows:

Electronic Submission Gateway

Thank you for your submission for the Government Gateway.
The Government Gateway is the UK’s centralized registration service for e-Government services.

To view/download your form to the Government Gateway please visit http://www.gateway.gov.uk/

Clicking on the link, however, would be a very bad idea – as it doesn’t really take you to the Government Gateway website but instead to a third-party webpage where you will be prompted to download a file called GatewaySubmission.zip.

It will be no surprise to regular readers of Hot for Security to hear that the contents of the ZIP archive are not an innocent government form, but instead an executable file designed to infect and compromise Windows computers.

Bitdefender anti-virus products detect the malware as Trojan.GenericKD.1876074.

It’s hardly the most sophisticated attack in the world, but it doesn’t need to be. Malware campaigns like this have been seen to catch out innocent computer users time and time again.

What surprises me is that threats like this can still succeed even when there are obvious clues to users who have their wits about them.

For instance, take a look at that sample email again.

See the from: address? You should ask yourself, how likely is it that a genuine UK Government communication would be sent to you from an email address that suggests the sender is into body building?

I guess we should be grateful that on this occasion, the hackers made an elementary mistake. After all, it would have been child’s play for them to have forged the email’s header information to make it look like it really had come from the UK government, at least to the casual observer.

Make sure to keep your anti-virus software up-to-date, your computer systems patched, and your eyes open to the risks of unsolicited emails and odd activity.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
