The Michael Jackson Malware

Viewing 5 reply threads
  • Author
    Posts
    • #3956
      Don Donzal
      Keymaster

      It’s inevitable now, with any high-profile news event that there will be spam and malware campaigns to take advantage of them. Thus it has been with the death of Michael Jackson.

      F-Secure reports that there have been a couple of malware campaigns and they show an example of one of them, which they detect as Trojan.Win32.Buzus.bjyo.

      There is nothing technically interesting about these attacks. They are mundane, pedestrian Trojan droppers. The one F-Secure writes up is a file named Michael-www.google.com.exe. This file has been distributed through photos-google.com and possibly also through photo-msn.org, facebook-photo.net and orkut-images.com. Don’t visit these sites.

      If you run Michael-www.google.com.exe it drops reptile.exe and winudp.exe, which are backdoor IRC bots, and which display a fake error message dialog box: “Picture cannot be displayed.”

      There have been others and there will be more and they’re not all worth writing about. The important thing is that you be skeptical of links and sites that play on hot news topics, especially from search engines, since we know well how these can be manipulated to serve malicious results.

      Original post:
      http://blogs.pcmag.com/securitywatch/2009/06/the_michael_jackson_malware.php

      Don

    • #25283
      KrisTeason
      Participant

      This doesn’t surprise me the least bit – the guys’ been gone for over a week now and he’s still in the news. He’s been on Yahoo’s top 10 searches for the past week or so. I wonder how many users have been affected by this trojan already; As usual thanks for the post don!

    • #25284
      UNIX
      Participant

      This was to be expected as it happens quite often with most famous persons and such things as crisis etc.
      Unfortunately people are often too naive and fail for it.

    • #25285
      former33t
      Participant

      Don,

      This just shows that there’s a sucker born every minute.  Users know not to execute remote files, but then forget about it when a celebrity dies?  I think I’d be prone to fire any users that fell for this.  For one they’re using company resources to research the Jackson death.  I’m guessing this is against policy.  How much leeway should you give a user who violates company IT policy and compromises the network at the same time?

    • #25286
      dalepearson
      Participant

      former33t,

      I think sadly you may be wrong. A person is smart, people are stupid.
      Users really dont seem to understand the risks, and this is why these forms of attacks, no matter how obvious they appear work time and time again. If it didnt people just wouldnt bother.
      We need to take control and keep on with user awareness and education. I dont think it will ever eliminate the risk, but it should help to reduce. We can also use technology to remove the risks, and policies to help inform and enforce.
      Keeps us in a job anyway 🙂

      @former33t wrote:

      Don,

      This just shows that there’s a sucker born every minute.  Users know not to execute remote files, but then forget about it when a celebrity dies?  I think I’d be prone to fire any users that fell for this.  For one they’re using company resources to research the Jackson death.  I’m guessing this is against policy.  How much leeway should you give a user who violates company IT policy and compromises the network at the same time?

    • #25287
      former33t
      Participant

      I agree with you that the tactic works.  This much is obvious.  Not only does it work, but it works again and again.  We do educate users and they walk out of the user education saying “of course I won’t download and execute unknown binaries.” 

      Then they inevitably find excuses to do so, defying all logic and common sense.  I personally believe that if management made examples of more people for violating IT policy, the problem would largely go away and you’d find yourself responding to only more sophisticated attacks.

      I don’t think there is any reason that after education (with periodic refreshing) that a user’s actions in downloading and executing a “Michael Jackson” executable is excusable.

      I’m glad it keeps me in a job, but there are some environments this shouldn’t be allowed to ever occur in.

Viewing 5 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?