Friday, 11 January 2008

Benazir Bhutto Assassination Malware

Be very afraid when you see messages like this that tell you that you need to download something to view a video or the like.


There's been a bit of discussion about malware-laced codecs recently and, annoyingly enough, within hours of the assassination of former Pakistani Prime Minister Benazir Bhutto, malware authors started capitalizing on the news to spread a new fake codec. This time it is purported to be an assassination video of the former PM.

On the McAfee Avert Labs Blog, Rahul Mohandas writes, "These malware authors attempt to social engineer users into believing they are downloading a legitimate codec for playing the video. At least 10 Blogger websites are observed to be hosting this fake video (at the time of writing this blog) which redirects the users to the typo-squatted domain containing fake codec . . ."

There are a plethora of websites which attempt drive-by installations when unsuspecting users visit websites returning search engine results for “Benazir Bhutto”. Many of these compromised webpages have malicious scripts injected into the webpage which point to the 3322 domain. These webpages contain obfuscated variants of the MS06-014 exploit which is perhaps one of the most popular of all the exploits we see on a daily basis.

This fake Trojan Codec is detected by the current DATS as Puper. The downloaded exploit is detected as VBS/Psyme and the executable is detected as Generic Downloader.c

Judging by comments on the McAfee blog, this trojan is very difficult to remove, so y'all be careful out there and make sure your OS and anti-virus are being updated on a regular basis.
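
For anyone who runs a website and wants to check their own pages for the kind of injected script reference described above, here is a small static check, added as an illustration and not taken from McAfee or from the original post. The watched domain `ddns.example` and the sample page are constructed placeholders; substitute the domain named in the advisory you are working from.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags/attributes that make a browser fetch remote content on page load.
LOADING_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                 "embed": "src", "object": "data"}

def host_matches(host, suffixes):
    """True if host is a watched domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

class _RefCollector(HTMLParser):
    def __init__(self, suffixes):
        super().__init__()
        self.suffixes = [s.lower().strip(".") for s in suffixes]
        self.hits = []

    def handle_starttag(self, tag, attrs):
        url = (dict(attrs).get(LOADING_ATTRS.get(tag, "")) or "").strip()
        if not url:
            return
        try:
            # Handles absolute and protocol-relative (//host/x) URLs;
            # relative paths have no hostname and are skipped.
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. unbalanced brackets
            return
        if host and host_matches(host, self.suffixes):
            self.hits.append((tag, self.getpos()[0], host, url))

def find_watched_refs(html, suffixes):
    """Return (tag, line, host, url) for each reference to a watched domain."""
    parser = _RefCollector(suffixes)
    parser.feed(html)
    parser.close()
    return parser.hits

# Constructed sample: two injected references and two benign ones.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
</head><body>
<p>Latest news</p>
<script src="http://Stats.Ddns.Example/x.js"></script>
<iframe src="//a.b.ddns.example:8080/i.htm" width=0 height=0></iframe>
<script src="http://notddns.example/ok.js"></script>
</body></html>"""

if __name__ == "__main__":
    for hit in find_watched_refs(SAMPLE_PAGE, ["ddns.example"]):
        print(hit)
```

This only matches references that appear literally in the markup. A script that assembles its URL at runtime, as obfuscated variants do, will not show up here and has to be caught in proxy or DNS logs instead.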

2 gems of wisdom:

MICKY said...

Do you think the West Coast Eagles will win the Flag (2008)? Have you been spending too much time at Scarborough Beach?

Did you know that Jesus Christ died on a cross, for your sins?

For God so loved the world that he gave his one and only Son, that whoever believes in him shall not perish but have eternal life. - John 3:16


Protium said...

Don't care.
That's just a story.
That's dogma.

