Blue Coat has identified a new malware trick just in time for Halloween. Unsuspecting victims are redirected to one of two malware sites after searching for Halloween related sites. These distribution sites are typically used for hosting of warez, pirated digital content, but have been switched to malware distribution in the past 12 hours.
Blue Coat has identified a new malware trick just in time for Halloween. Unsuspecting victims are redirected to one of two malware sites after searching for Halloween related sites. These distribution sites are typically used for hosting of warez, pirated digital content, but have been switched to malware distribution in the past 12 hours.Here is how it works: a user searches for Halloween information, such as "Halloween costumes". The search results link to a page with the keywords Halloween costumes, but this page is not the treat the user was searching hoping for. The page, hosted through a hacked blog, redirects the user to a malware distribution site where the user is presented with a download for halloween-costumes-to-play-40064.exe.
The malware author is presenting the user with an .exe that includes the search terms in the name hoping the user will download and run it. Appended to the search term is the phrase "to-play" and a version number. Due to the term "to-play", Blue Coat believes the malware author's original intent was to target searches for Halloween music. Other malicious query results detected by Blue Coat include:
It is important to note that these file names are always constructed based on the original search terms so they will change search by search and the malware author could change the appended text and version number.
Once downloaded, the application executes connections to other sites in order to download more malware allowing the malware author to continue with his intended plan. At this time little is known about the malware other than it is 102kb in size and its primary function is to download other malware.
To avoid falling prey, a few steps can be taken. First, if you are searching for music an .exe file is probably not the type of file you expect, so disregard and do not download it. Next, in this case, the phrase "to-play" is always added to the file name, avoid those downloads.
At the time of detection by Blue Coat, no anti-virus vendor identified the binary as malware. Sophos has since updated their signatures and identified this as a variant to the week old Mal/Krap.A.
Blue Coat suspects this is a sign of things to come as we enter the Christmas and New Year holidays. As people search for new toys, new year party ideas, and other related terms, they believe we will see more targeted threats and downloads named to trick the end user.
Make it a happy Halloween and do not be fooled by these tricksters. This warning is a Halloween treat from Blue Coat and InformationWeek.
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 25, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."