This currently active IM malware campaign is yet another indication that the “don’t click on executable files” security tip is on the verge of irrelevance. Social engineering, however, isn’t, since impersonating ImageShack to serve fake images which are in fact trojans turning the infected hosts into zombies is a well coordinated social engineering campaign combining several difference tactics.The real ImageShack site is imageshack.us, however, the malware authors are impersonating ImageShack and using imageshaack .org, in particular imageshaack.org /img/Picture275.jpg, which is where the malware is. Once the user gets infected with the malware, Backdoor.Win32.SdBot.eiu in this case, the host joins an IRC channel where the botnet masters continue issuing commands for the campaign to spread, like the following :
!msn.msg lool!! :D http ://imageshaack.org /img/Picture275.jpg |!trition.msg lool!! :D http ://imageshaack.org/img /Picture275.jpg topic set by Everglades on Wed Jun 11 15:41:57
“!msn.msg Haha is that you;)? http ://imageshaack.org /img/Picture275.jpg?|!trition.msg http: //imageshaack.org/img /Picture275.jpg
Until the site gets shut down, consider being extra vigilant on IM messages received, and while this is a bit more creative social engineering attack then the majority of average ones I’ve seen this month, non-executable files are apparently just as dangerous as executable ones.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and E-crime incident response. Dancho is also involved in business development, marketing research and competitive intelligence as an independent contractor. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis.
No comments:
Post a Comment