2 March 2014

SRA virus - information and advice.

Last week, solicitors all over the UK received an email purporting to be from the Solicitors' Regulatory Authority (SRA). The email was quickly identified as spurious and very possibly harbouring a virus of some sort.

Two or three days later, although many people had posted warnings about the letter on the web, nobody appeared to have analysed the threat, nor could I find any technical details on the websites of the main internet security companies.

As a result, A222 decided to make their own investigation. Two of my customers have received the email and I am grateful to Andall-Legal for forwarding me a copy for analysis purposes.

  • The email contains an attachment: a Word document called sra.docm.
  • This does contain a virus, actually a Trojan* called Win32/Injector.AYKU
  • Antivirus programs fail to spot the infected mail because it is disguised.
  • PCs are vulnerable. 
  • Macs look as if they could get infected but the trojan may be ineffectual.
  • The trojan was intercepted by the ESET anti-virus when it tried to do anything. Other anti-virus programs might or might not be so vigilant.
  • The trojan was only detected in February and its exact effect is not yet documented.
  • Although this particular trojan was identified, other instances of the email might contain a different trojan or virus.
(* viruses can reproduce and spread, trojans cannot) 

  • If you haven't opened the attachment then no problem.
  • If you've previewed it in Outlook 2007/2010/2013/365 or via a web browser then no problem. If you've previewed it in earlier Outlook or any other program then please contact us for advice (see below).
  • If you opened the attachment then you may still be safe but further analysis is required. Do please contact us for advice.
  • Do NOT delete the email - a copy will be needed for analysis.
  • Initial tests suggest that Word 2003 is not vulnerable but later versions are at risk.
A222 may be contacted on 020 8 662 1124 or via sra@a222.co.uk
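
If you have kept a copy of the message as advised above, the attachment can be checked without opening it in Word. The Python script below is an added example, not part of A222's original analysis: it lists the attachments of a saved message, records a SHA-256 hash for reporting, and flags macro-enabled Office files (.docm is Word's macro-enabled format) by looking for an embedded vbaProject.bin part. The function names and the sample message are constructed for illustration.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Office Open XML extensions that are allowed to carry VBA macros.
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".pptm")


def triage_attachments(raw_eml: bytes) -> list[dict]:
    """Describe each attachment of a saved message without opening it in Office."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        has_vba = False
        # Modern Office files are ZIP containers; macros live in vbaProject.bin.
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                has_vba = any(n.lower().endswith("vbaproject.bin")
                              for n in zf.namelist())
        findings.append({
            "filename": name,
            "sha256": hashlib.sha256(data).hexdigest(),
            "macro_extension": name.lower().endswith(MACRO_EXTS),
            "contains_vba_project": has_vba,
        })
    return findings


def build_sample_eml() -> bytes:
    """Constructed sample: a harmless ZIP with an empty word/vbaProject.bin entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="sra.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_attachments(build_sample_eml()):
        print(finding)
```

To check a real copy, save the message from your mail program as a .eml file and pass its bytes to `triage_attachments`; the hash it reports can be quoted when asking for advice without forwarding the file itself.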

