Trojans use Bin Laden's Death, Royal Wedding To Dupe The Unsuspecting


Top 10 Contributor
Posts 26,159
Points 1,185,255
Joined: Sep 2007
ForumsAdministrator
News Posted: Mon, May 2 2011 2:20 PM
Security firms have issued fresh warnings against malicious trojans in the wake of Osama bin Laden's death and the wedding of England's Prince William. Malware authors have already seized on both events as bait for their own malware hooks and are using the promise of unseen photos/video to snare the unwary. This type of attack and the speed with which it's organized have become commonplace in recent years—when the former Prime Minister of Pakistan, Benazir Bhutto, was assassinated, trojans baited with information regarding her appeared within 24 hours. Since then, hurricanes, elections, and holidays have all been variously tapped as attack vectors.

According to Fabio Assolini, a lab expert with Kaspersky, poisoned search results purporting to show bin Laden's corpse began appearing within Google Image results within hours of the formal announcement. Clicking on such images transfers the user to a hostile domain where the much-loved "Antivirus XP" (currently billing itself as Best Antivirus 2011) pops up and attempts to convince users that they've contracted a virus. The other major vector is Flash-based and a bit more subtle. Instead of attempting to lure the user into an anti-virus scan, it shows a broken video window and claims that a necessary plugin must be updated or installed. Users who then click are handed XvidSetup.exe, a seemingly legitimate file that installs an adware trojan known as hotbar.


Google image search. The lower-left hand result isn't just Photoshopped--it's infected.

Kaspersky Labs also reports that bin Laden-infected trojans are spreading via Facebook via the 'Like' button, with promises of free food, plane tickets, or a donkey. Multiple users spam pages with a URL redirect claiming such goodies are a click away, but provide a TinyURL address that bounces users from page to page until they eventually register an email address and eventually pay money.

These unsophisticated social attacks work because they take advantage of a user's sense of security. This is doubly true on Facebook where people are used to seeing short messages from their friends that link to all manner of games, photos, or random statements. Under such circumstances it's not surprising that a number of otherwise-savvy computer users are willing to click on malicious links and follow the trail. These abuses are effective precisely because they take advantage of our curiosity regarding the macabre and our willingness to trust people we consider friends--even by minimal Facebook standards.

On a positive note, it doesn't seem as though the malware programs are anything new. The trojans in question are hotbar (an adware tool) and Trojan.Win32.FakeAV.cvoo. Both of these are already detectable (though hotbar is only picked up on 19 of the 41 engines available at VirusTotal.com). We recommend readers steer well clear of Google Image and Facebook groups on either topic, and pass the word to friends/relatives to do the same.
Top 25 Contributor
Posts 3,795
Points 40,670
Joined: Jan 2010
Location: New York

That's why I didn't care about either event :P. I did Google Laden's death but I only clicked on news articles from official sites :)

Top 50 Contributor
Posts 2,865
Points 29,645
Joined: Mar 2011
Location: United States, Connecticut

Typical of scammers... This is why it is so important to pay attention to what links you are clicking on. I really wish that Google Images had a way to scan the links they index on their site. More and more people have been getting rogueware at my job from doing Google Image searches. Though at home it's the bread and butter of my side work since I can usually clear them up in about 15 minutes.

Top 100 Contributor
Posts 1,016
Points 10,925
Joined: Dec 2010
Location: Mcallen, Texas
OSunday replied on Mon, May 2 2011 8:14 PM

Ridiculous, scammers are idiots which is why idiots only fall for their scams.

(*Sarcasm*)

It's surprising how many people do fall for things like that, although can you blame them when "winning a donkey is just a click away!"

Who could turn down a chance for a free donkey?!

Not Ranked
Posts 324
Points 4,305
Joined: Nov 2010
Location: Perth Amboy, New Jersey

@ Joel

Is that Google Search Snippet from your own search? I didn't know you knew Portuguese!!

i7-950@3.8 + Asus Sabertooth X58+ CM692 Advanced+ 6GB A-Data Gaming DDR3@1600

ATI Radeon 6870+ 1TB Hitachi HD+ 750w Modular PSU + Asetek Liquid Cooler + DigitalStorm PC  

Thanks To HotHardware.Com

Top 200 Contributor
Posts 350
Points 2,325
Joined: Mar 2011
Moderator
HHGrrl replied on Mon, May 2 2011 10:40 PM

The part that worries me most about these threats is when they're hidden behind shortened URLs and you have no clue what you're getting into. Just goes to show you have to be careful what you click on!

Top 100 Contributor
Posts 1,099
Points 13,965
Joined: Jun 2010
fat78 replied on Mon, May 2 2011 10:58 PM

What worries me about this is friends clicking on it and having to clean it off, or worse, family members clicking on it and information being given out.

"If it looks too good to be true, you are probably not going to get that free car."

Top 25 Contributor
Posts 3,795
Points 40,670
Joined: Jan 2010
Location: New York
Inspector replied on Mon, May 2 2011 11:46 PM

People on Facebook are either being hacked or they fell for a scam and it spreads. My friend's Facebook had a link on his status about him and I clicked it; thankfully my antivirus blocked it.

Top 50 Contributor
Posts 2,381
Points 31,040
Joined: Nov 2010
Location: Crystal Lake,IL
rrplay replied on Tue, May 3 2011 11:31 AM

My ex-wife speaks Portuguese fluently, maybe I'll give her a call? ........ Not today!

"Don't Panic ! 'cause HH got's your back!"

Top 50 Contributor
Posts 2,865
Points 29,645
Joined: Mar 2011
Location: United States, Connecticut

Damn shortened URLs... Makes me want to surf the internet on a virtual machine more than ever.
