Topics:
Analytics : Security
Blue Coat Identifies Halloween Trick
Here is how it works: a user searches for Halloween information, such as "Halloween costumes". The search results link to a page with the keywords Halloween costumes, but this page is not the treat the user was searching hoping for. The page, hosted through a hacked blog, redirects the user to a malware distribution site where the user is presented with a download for halloween-costumes-to-play-40064.exe. The malware author is presenting the user with an .exe that includes the search terms in the name hoping the user will download and run it. Appended to the search term is the phrase "to-play" and a version number. Due to the term “to-play”, Blue Coat believes the malware author’s original intent was to target searches for Halloween music. Other malicious query results detected by Blue Coat include: Regis-and-kelly-hallween-show-2009-to-play-40064 It is important to note that these file names are always constructed based on the original search terms so they will change search by search and the malware author could change the appended text and version number. Once downloaded, the application executes connections to other sites in order to download more malware allowing the malware author to continue with his intended plan. At this time little is known about the malware other than it is 102kb in size and its primary function is to download other malware. To avoid falling prey, a few steps can be taken. First, if you are searching for music an .exe file is probably not the type of file you expect, so disregard and do not download it. Next, in this case, the phrase "to-play" is always added to the file name, avoid those downloads. At the time of detection by Blue Coat, no anti-virus vendor identified the binary as malware. Sophos has since updated their signatures and identified this as a variant to the week old Mal/Krap.A. Blue Coat suspects this is a sign of things to come as we enter the Christmas and New Year holidays. As people search for new toys, new year party ideas, and other related terms, they believe we will see more targeted threats and downloads named to trick the end user. Make it a happy Halloween and do not be fooled by these tricksters. This warning is a Halloween treat from Blue Coat and InformationWeek. Want other breaking news? Follow Adam on Twitter: @adamely « WhiteHouse.gov Drupal Detractors Get Buggy | Main | New Project Takes Aim At Web Vulnerabilities » |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
