Angelina Jolie, Britney Spears and Barack Obama Comprise BitDefender’s Trojan of the Week
Monday, July 28, 2008
Spammers continuing to use sensationalized headlines to lure unsuspecting computer users
A new malware distribution scheme performed via spam messages aimed at tricking computer users to download and install malicious applications on their computers has been identified by BitDefender®, an award-winning provider of antivirus software and data security solutions, today.
The malware distribution campaign is based on news fragments involving Angelina Jolie, Britney Spears and Barack Obama. The e-mail messages direct unsuspecting users to a webpage that allegedly contains a video clip. However, upon visiting the compromised page, they are shown an image impersonating a video player, linking to a binary executable file.
In order to be able to watch the clip, users are advised to download an alleged update for Adobe’s popular Flash player, which turns to be infected with Trojan.Downloader.Tibs.GZM. Additionally, the binary file starts downloading automatically, a practice known as “drive-by download”, and this should be enough of a warning for the user about the file’s legitimacy. When executed, the Trojan installs other pieces of malware, including the infamous Trojan.Peed.JPU, used on large scale in the Storm botnet.
The new mail distribution campaign mostly targets computer users with limited knowledge of data security, as well as users who would deliberately ignore the common safety rules in order to gain access to sensational news.
“These e-mail messages are part of a larger wave that attempts to infect the user with miscellaneous Trojans,” said Bogdan Dumitru, BitDefender’s chief technology officer. “Initially designed as messages with a single structure, the number of variants quickly escalated to three: a category including a single-part, plain text body, another one with a HTML part, and a third category that uses the Opera Mail Client templates.”
In order to increase the success rate of the attack, the spammer uses a series of catchy keywords that are displayed alternatively inside the message body. Despite the fact that each message uses different fake news flashes and headlines, all of them send the user to an URL that ends with either stream.html or watchit.html.
Although the approach is extremely similar to a previous spam campaign involving Angelina Jolie and Michael Jackson, the pieces of malware and their hosting servers have been changed. The new Trojan has been repacked
with another utility in order to avoid detection.
BitDefender’s professional security solutions are currently filtering and detecting both the spam message and the malicious code the „install_flash_player_update” binary is infected with (Trojan.Downloader.Tibs.GZM). In order to enjoy a safe experience while surfing the web, BitDefender recommends that users install a complete anti-malware protection solution.
The malware distribution campaign is based on news fragments involving Angelina Jolie, Britney Spears and Barack Obama. The e-mail messages direct unsuspecting users to a webpage that allegedly contains a video clip. However, upon visiting the compromised page, they are shown an image impersonating a video player, linking to a binary executable file.
In order to be able to watch the clip, users are advised to download an alleged update for Adobe’s popular Flash player, which turns to be infected with Trojan.Downloader.Tibs.GZM. Additionally, the binary file starts downloading automatically, a practice known as “drive-by download”, and this should be enough of a warning for the user about the file’s legitimacy. When executed, the Trojan installs other pieces of malware, including the infamous Trojan.Peed.JPU, used on large scale in the Storm botnet.
The new mail distribution campaign mostly targets computer users with limited knowledge of data security, as well as users who would deliberately ignore the common safety rules in order to gain access to sensational news.
“These e-mail messages are part of a larger wave that attempts to infect the user with miscellaneous Trojans,” said Bogdan Dumitru, BitDefender’s chief technology officer. “Initially designed as messages with a single structure, the number of variants quickly escalated to three: a category including a single-part, plain text body, another one with a HTML part, and a third category that uses the Opera Mail Client templates.”
In order to increase the success rate of the attack, the spammer uses a series of catchy keywords that are displayed alternatively inside the message body. Despite the fact that each message uses different fake news flashes and headlines, all of them send the user to an URL that ends with either stream.html or watchit.html.
Although the approach is extremely similar to a previous spam campaign involving Angelina Jolie and Michael Jackson, the pieces of malware and their hosting servers have been changed. The new Trojan has been repacked
with another utility in order to avoid detection.
BitDefender’s professional security solutions are currently filtering and detecting both the spam message and the malicious code the „install_flash_player_update” binary is infected with (Trojan.Downloader.Tibs.GZM). In order to enjoy a safe experience while surfing the web, BitDefender recommends that users install a complete anti-malware protection solution.
About BitDefender®
BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since our inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe — giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information is available on our security solutions' site.