Posts Categorized: Stupid malware tricks


The WoW Catphishers are Biting

The body’s barely cold from last week’s BlizzCon, but the script kiddies who write phishing kits have been hard at work putting their best foot forward, crafting account-stealing code that targets gullible WoW players who want an early peek at the just-announced Cataclysm expansion. These Catphish pages, linked off of YouTube video postings that offer promises of early, exclusive access to the expansion, lift graphics and design characteristics directly from the pages hosted by Blizzard, the publisher of the WoW franchise. Unfortunately for the script kiddies making and hosting the pages, they’re making some of the most boneheaded mistakes imaginable. […]

How Phishers Target WoW Players

Yesterday, at the opening of our BlizzCon coverage, we showed you just how commonly phishers target WoW players by posting innocuous-looking links in message boards or forums frequented by players. Today, we’ve produced a really short video that shows exactly how someone infects their computer with a phishing Trojan. As you can see in the video (even through the “censorship”), the page the victim eventually ends up on emulates the appearance of a Flash-video-based porn site. Every single link on the page links to the malware installer, which means that no matter where on the page the victim clicks, he […]

BlizzCon, Gamers, WoW Trojans, Oh My

Tomorrow morning, Blizzard Entertainment (the publisher of the wildly popular World of Warcraft franchise) will kick off another BlizzCon to show off their latest projects and directly interact with their fanbase. World of Warcraft will likely take center stage at the convention, which has become the venue of choice for Blizzard to unveil their newest expansion pack for the enormously popular online role-playing game. Here at Webroot we have our fair share of past and present WoW players. So we’re quite tuned in to the malware that plagues WoW and other online games. As the gaming market continues to grow […]

Koobface: Not Just for Facebook, Anymore

The latest generation of Koobface targets its particularly effective brand of social engineering at more social networks than ever. As the worm has evolved, we’ve seen it grow to encompass a pantheon of services, targeting more than just the widely publicized Facebook, MySpace, and Twitter, but a host of other Web sites where people meet and (apparently) post links of funny videos for one another to watch. To illustrate how pervasive the worm’s propagation has become, we put together the video below. (And no, you don’t need to download some random codec to watch it, just Flash.) If you’ve […]

Rogues Impersonate Google, Firefox Security Alerts

In the past week, we’ve begun to see new fakealerts — those disturbingly effective, entirely bogus “virus warning” messages — that appear to impersonate the appearance and text of legitimate warning dialogs you might see while surfing with the Firefox browser, or searching Google. The dialog, in a stern, red dialog box on a gray background, reads “Warning! Visiting this site may harm your computer!” — a dialog that appears to be designed to evoke the look of Google’s Safe Browsing advisory as displayed in Firefox. Cast as a kind of split between a warning message and a clickwrap […]

Steam Users Targeted by Phishers

A phishing campaign that started around the beginning of the year, targeting gamers who use Valve Software’s Steam network, continues unabated but with a twist: The phishers have registered dozens of domain names, such as trial-steam.tk or steamcommunity###.tk (where the ### can be a two- or three-digit number), which are used to host the phishing pages. The pages appear to be a “Steam Community” login page which looks identical to Valve’s Steam Community Web site. There are a few ways you can quickly identify whether you’re on the right page, or a fake. For one, the real Steam Community […]

Trojans Replace Windows System Files

When the threat research analysts here at Webroot recently started seeing malware swapping out legitimate components of Windows and replacing them with malware payloads, I couldn’t help but wonder what these malware authors were thinking. After all, cybercriminals with a lick of sense know very well that messing with system files is dangerous juju. Such an act could, in the right (or should I say wrong) circumstances, render a PC inoperable, or at the very least, bogged down in crashes and instability. And for the authors of phishing malware, it would be incredibly thick-headed to do something to an infected system which […]

More Malware Trades on Tawdry Searches

By now, you’ve most likely heard about how an ESPN reporter was victimized, and that a surreptitiously recorded video was distributed online. You may also have read that malware distributors were taking advantage of the high level of interest in this video to rapidly disseminate malware by convincing people to click links to malicious Web sites, including a fake CNN lookalike site, to watch said tawdry video. Well, that first wave of malware was almost identical to the distribution we saw when Farrah Fawcett died a few weeks ago. Web surfers were urged to click a link to download a picture […]

AutoCAD Adware Trojans Target Techies

Every once in a while, you hear whispers or rumors about specially-crafted, targeted malware designed to steal a specific piece of data from a particular victim. The data thieves, in these limited cases, tend to be clever, thoughtful, and methodical in both the creation and deployment of their creations. Rarely do malware researchers encounter these files. But it does happen occasionally, and I thought I had stumbled upon one of these kinds of spies a few weeks ago. It’s a peculiar Trojan horse which has been written not as a standard Windows application, but as an ObjectARX application — an […]

Jackson/Fawcett Malware is Extortion-ware

As I reported yesterday, searches for information about the deaths of Michael Jackson or Farrah Fawcett were turning up links to malware. This came as no surprise to anyone, though the speed with which the links spread was astonishing: Within minutes of the first confirmation that Jackson had succumbed to a heart attack, the first malicious blog posts began popping up in search results. We’re continuing to monitor hundreds of malicious sites touting news of Jackson’s demise — and new malicious blogs are coming up as fast as the blog services can shut them off. The first site we encountered […]