Archive for October, 2007
It’s Halloween time, folks!
Ah! What a wonderful day. It is time for dwarfs, tombs, ghosts, sweets, pumpkins and, of course, malware.
We, at Panda Security, are getting used to being reminded of these special dates, when malware tries to benefit from a social event like this. In this case, a quite infamous piece of malware already known as "Storm worm", aka "Nuwar", aka "Nurech", aka "Alanchum", wishes you a happy Halloween by sending the usual lot of spam.

These messages carry different subjects:
If your in your office, keep the speakers low, lol
Happy Halloween
Dancing Bones
Halloween Fun
Watch him dance
This will make you laugh
You'll laugh your but off
Man this is funny
I am sending this to everyone
Have a Happy Halloween everyone
Party on this Halloween
Nothing is funnier this Halloween
Make him dance
Dancing skeleton
The most amazing dancing skeleton
For people with a sense of humor only
If your in your office, keep the speakers low, lol
To much fun I played with this for hours
Show this to the kids
Send this to your friends
Man this rocks
Inside the message we will find a link to a website, and a dose of social engineering. You know, the usual "This is great", "Great fun", "This is cool". We have seen several different messages, with different links to different sites.
If you navigate to the site you will see a… dancing skeleton. Funny, isn't it? The site provides a download link, just in case you want the skeleton on your desktop.

If you follow the link, you will find a file called "Halloween.exe". Guess what? It's MALWARE! If you run it, you will turn your beloved PC into a zombie. To make your infection more entertaining, a song will be playing in the background… [Update: "Boom Boom Boom" (Vengaboys)]
Please be careful, and Happy Halloween! Thanks to Xabier Francisco for gathering the information.
Spam & politics
Spam is really annoying, mainly because you may think spammers have a really bad image of you: lack of hair, lack of sexual abilities, lack of money, lack of university degrees, lack of girlfriends/boyfriends… After all, they are just trying to cheat you and, in the best case, sell you something… if they are not trying to spread malware.
But now we have a new kind of spam message: political spam. We received a message showing figures from a survey in Argentina. Last weekend they elected a new president, and the message claims "we are bad". Who? Which party? Is the message trying to change some people's vote? Is it trying to increase turnout?
The message comes from a "gmail.con" domain, and it claims the survey was carried out by "McKenzy Associates", whose domain is not valid: "mckenzyassociates.com" is not a valid domain name.
Regardless of the intention, we can classify it as a new spam category: vote spam. So, PandaLabs can name it, following the custom of giving new names: it's "vospam". Wait for the next US elections; we will have more of them.
Thanks a lot to Fernando de la Cuadra for this post.
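The two tells in the message above, a sender domain one letter away from a real one ("gmail.con") and a claimed organisation whose domain does not exist, are the kind of thing a mail gateway can flag automatically. The following is an added example, not PandaLabs' code or tooling: it parses the From: header, extracts the sender domain and reports whether it is a known domain, a near-miss look-alike of one (edit distance of at most one, a constructed threshold), or simply unknown. The list of reference domains and the sample headers are constructed for the example; a real gateway would follow the "unknown" verdict with a DNS check, which is omitted here so the code runs offline.

```python
from email.utils import parseaddr

# Reference domains to protect against look-alikes (constructed list for the example).
KNOWN_DOMAINS = ("gmail.com", "yahoo.com", "hotmail.com")


def edit_distance(a, b):
    """Levenshtein distance between two strings (dynamic programming, two rows)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Return the lower-cased domain of a From: header, or None if it has no address."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def classify_sender(from_header, known=KNOWN_DOMAINS, max_dist=1):
    """Classify a sender as known, lookalike (with the domain it imitates), unknown or unparseable."""
    domain = sender_domain(from_header)
    if domain is None:
        return ("unparseable", None)
    if domain in known:
        return ("known", domain)
    for k in known:
        if edit_distance(domain, k) <= max_dist:
            return ("lookalike", k)
    return ("unknown", None)


def triage(headers):
    """Run the classifier over a batch of From: headers and keep only the suspicious ones."""
    return [(h, verdict, ref) for h in headers
            for verdict, ref in [classify_sender(h)]
            if verdict in ("lookalike", "unparseable")]


# Constructed sample From: headers modelled on the vote-spam message.
SAMPLE_FROM_HEADERS = [
    '"McKenzy Associates" <survey@gmail.con>',
    "Friend <friend@gmail.com>",
    "Survey Team <info@mckenzyassociates.com>",
    "no address here",
]

if __name__ == "__main__":
    for header, verdict, ref in triage(SAMPLE_FROM_HEADERS):
        print(f"{verdict:12} {header!r}" + (f"  (imitates {ref})" if ref else ""))
```

The look-alike check catches misspelled free-mail domains; the "unknown" verdict is deliberately neutral, because an unregistered domain such as the one claimed by the message can only be confirmed with a live DNS lookup.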
A new way of social engineering
Sometimes, when we speak about social engineering, we think about people on the other end of the phone trying to get our passwords to gain unauthorized access to our accounts. Once this data is in their hands, panic spreads: intrusion into companies, espionage, identity theft… all the classic goals of this kind of attack.
But let's not forget the underlying purpose of social engineering. That is why I particularly like the following definition, which I think captures the essence of these attacks: "the art and science of getting people to comply with your wishes".
Under this premise, this week at PandaLabs we have discovered a new way to apply the concept. It is very simple and pleasant: you receive a small application on your desktop that shows a woman offering you a striptease.
How do we take off this woman's clothes? Just by typing a few letters displayed next to the girl, as we can see in the following image:

Hmmm, do you recognise this kind of image? Yes, it's a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). Now look at yourself: you are a human automated CAPTCHA reader. If you type the correct interpretation of the image, you are sending the information needed to break the protection of the targeted site. This attack could be used to create mail accounts en masse, to post comments… for all the services that use CAPTCHAs to tell a person from a computer. In this particular case, the CAPTCHAs were from Yahoo.

A sample of this client-side application is detected as Trj/RompeCaptchas.A, which translates as Captcha Breaker.
Thanks a lot to Unai Fernández & Francisco Berenguer for this post.
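From the defending site's point of view, a relayed CAPTCHA solution is only useful to the attacker if the site accepts it: late, from a different session, or more than once. The following is an added example, not Yahoo's implementation or any PandaLabs code, of how a site can bind each challenge to the session that requested it, give it a short lifetime and accept each token only once, using an HMAC tag so the expected answer never leaves the server. The key, the TTL of 60 seconds and the injectable clock are assumptions made for the example. This blunts harvesting solutions in advance and replaying them; it does not, by itself, stop a human relaying the answer in real time, which is why the post above matters.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: in a real deployment this key is loaded from secure storage, not hard-coded.
SERVER_KEY = b"constructed-demo-key-do-not-use"


class CaptchaService:
    """Issues and verifies session-bound, short-lived, single-use CAPTCHA tokens."""

    def __init__(self, ttl_seconds=60, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable for testing expiry deterministically
        self.used = set()           # tokens already accepted (would be a shared store in production)

    @staticmethod
    def _normalise(answer):
        return answer.strip().lower()

    def _sign(self, session_id, answer, issued, nonce):
        msg = f"{session_id}|{self._normalise(answer)}|{issued}|{nonce}".encode()
        return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id, answer):
        """Create a token for the challenge image whose solution is `answer`.

        The token travels to the client alongside the image; the answer itself
        is only present inside the HMAC and cannot be recovered without the key.
        """
        issued = int(self.clock())
        nonce = secrets.token_hex(8)
        tag = self._sign(session_id, answer, issued, nonce)
        return f"{issued}:{nonce}:{tag}"

    def verify(self, session_id, token, typed_answer):
        """Return "ok" or the reason the submission was rejected."""
        try:
            issued_s, nonce, tag = token.split(":")
            issued = int(issued_s)
        except ValueError:
            return "malformed"
        if self.clock() - issued > self.ttl:
            return "expired"            # solution was harvested too long ago
        if token in self.used:
            return "reused"             # same solved challenge submitted twice
        expected = self._sign(session_id, typed_answer, issued, nonce)
        if not hmac.compare_digest(expected, tag):
            return "wrong"              # wrong answer, or right answer under another session
        self.used.add(token)
        return "ok"


if __name__ == "__main__":
    svc = CaptchaService()
    token = svc.issue("session-A", "xK7q")      # constructed session id and solution
    print(svc.verify("session-A", token, "xk7q"))   # first, timely, correct: ok
    print(svc.verify("session-A", token, "xk7q"))   # second time: reused
    print(svc.verify("session-B", token, "xk7q"))   # different session: wrong
```

Because the session id is part of the signed message, a solution typed into the decoy application and forwarded to the attacker's own session fails verification even when the letters are correct; the attacker is forced to relay within the TTL and for the exact session that fetched the image, which raises the cost and leaves a timing signature that can be monitored.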
