PandaLabs Quarterly Report July-September 2007

PandaLabs, Today, we have released our Quarterly Report. Inside you will find interesting information regarding trends in malware. This time we include a comparative review of "Kits for installing malware", as they have become one of the most used tools for spreading malware. We also review the state of the vulnerability landscape. A list of unpatched [...]


Having a bot is not a crime…yet

PandaLabs, Sometimes, after reading the news you may be really shocked: Techie jailed due to an IP confusion. In this case, the information is not so deep, but we can draw a conclusion: be careful with your IP, you can be arrested (at least in Bangalore). But if we take a look at the latest information, [...]


Mac Trojan: OSX/RxPlug.A

PandaLabs, Today, we have found a Mac OS X Trojan. It is usually said that only Windows users should be worried about malware. As we show today, this is not true. It all starts with a lot of porn sites: ispfiltersporn.com land-porn.com lineporn.net look-porn.com play-porn.com playhardmovie.com playxvideo.com playxxxvideo.net porn-abc.com porn-contact.com porn-global.net porn-go.net porn-group.net porn-party.net porn-play.net [...]


It’s Halloween time, folks!

Ah! What a wonderful day. It is time for dwarfs, tombs, ghosts, sweets, pumpkins and, of course, malware.

We, at Panda Security, are getting used to being reminded of these special dates, when malware tries to benefit from a social event like this. In this case, a quite infamous piece of malware already known as "Storm worm" aka "Nuwar" aka "Nurech" aka "Alanchum" wishes us a good Halloween by sending the usual lot of spam.

These messages carry different subjects:

If your in your office, keep the speakers low, lol
Happy Halloween
Dancing Bones
Halloween Fun
Watch him dance
This will make you laugh
You'll laugh your but off
Man this is funny
I am sending this to everyone
Have a Happy Halloween everyone
Party on this Halloween
Nothing is funnier this Halloween
Make him dance
Dancing skeleton
The most amazing dancing skeleton
For people with a sense of humor only
To much fun I played with this for hours
Show this to the kids
Send this to your friends
Man this rocks

Inside the message we will find a link to a website, and a dose of social engineering. You know, the usual "This is great", "Great fun", "This is cool". We have seen several different messages, with different links to different sites.

If you navigate to the site you will see a… Dancing Skeleton. Funny, isn't it? The site provides a download link, just in case you want the skeleton on your desktop.

If you follow the link, you will find a file called "Halloween.exe". Guess what? It's MALWARE! If you run it, you will transform your beloved PC into a zombie one. To make your infection more entertaining, a song will be playing in the background…[Update "Boom Boom Boom"(Venga Boys)]

Please be careful and Happy Halloween! Thanks to Xabier Francisco for gathering the information.

 


Spam & politics

Spam is really annoying, mainly because you may think spammers have a really bad image of you: lack of hair, lack of sexual abilities, lack of money, lack of university degrees, lack of girl/boyfriends… After all, in the best case they just try to cheat you and sell you something… if they are not trying to spread malware.

But now we have a new kind of spam message: political spam. We have received a message that shows figures from a survey in Argentina. Last weekend they elected a new president, and the message claims “we are bad”. Who? Which party? Will the message try to change some people's vote? Will it try to increase participation?


The message comes from a “gmail.con” domain, and it claims the survey has been done by “McKenzy Associates”, whose domain is not valid: “mckenzyassociates.com” is not a valid domain name.
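A mail filter can catch the "gmail.con" trick by comparing the sender's domain with the providers it expects to see. The following is an added example, not PandaLabs code: the provider list, the function names and the sample message are assumptions made for illustration, and only the "gmail.con" domain comes from the post.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: providers this mailbox legitimately receives mail from.
KNOWN_PROVIDERS = ("gmail.com", "yahoo.com", "hotmail.com", "outlook.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def sender_domain(raw_message: str) -> str:
    """Lower-cased domain of the From: header, or '' if there is none."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def lookalike_of(domain: str, max_distance: int = 1):
    """Return the known provider that `domain` imitates, or None.

    An exact match is the real provider, so only distances
    1..max_distance are reported as lookalikes."""
    for known in KNOWN_PROVIDERS:
        if 0 < edit_distance(domain, known) <= max_distance:
            return known
    return None


# Constructed sample message; only the From: domain is taken from the post.
SAMPLE = """\
From: Survey Team <results@gmail.con>
To: reader@example.org
Subject: Survey results

Constructed body text.
"""

if __name__ == "__main__":
    dom = sender_domain(SAMPLE)
    print(dom, "imitates", lookalike_of(dom))
```

The From: header is trivially forged, so a hit here is a reason to quarantine or score the message, not proof of who sent it.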

Regardless of the intention, we can classify it as a new spam message category: vote spam. So, PandaLabs can name it, following the custom of giving new names: it’s “vospam”. Wait for the next US elections, we will have more of them.

 Thanks a lot to Fernando de la Cuadra for this post.