PandaLabs Reports on the Use of Famous Names as Bait to Spread Malware
Using famous names as bait to spread malware is becoming increasingly
widespread. The names used normally relate to people who, for one
reason or another, are currently in the news. In recent months, several
names of well-known people have been used by cyber-crooks to trick
users.

George Bush, the US President, appears frequently according to PandaLabs.
Worms such as MSNDiablo.A, Nuwar.A and Wapplex.C all spread via email
or IM in messages offering users caricatures or videos of President
Bush.

A lot of malware typically employs a more seductive
approach. The Piggy.A worm, for example, spread in messages claiming to
offer photos of celebrities such as Carmen Electra or Britney Spears,
while the Haxdoor.PL backdoor Trojan claimed to offer users pictures of
Angelina Jolie and Nicole Kidman naked. Another worm, Mops.A, enticed
users with Paris Hilton and Nicole Richie.

"This is a typical
social engineering technique. Users are persuaded to open an enticing
file containing malware or to click on a link pointing to an infected
file, in this case with the bait of celebrities' pictures", explains
Luis Corrons, Technical Director of PandaLabs.

Music has also
been used in social engineering. TelnetOn.A is one of the most
notorious 'musical worms' that spread through P2P programs. It does
this by copying itself to shared folders under names such as
Eminem.exe, Evanescence.exe or Linkin Park.exe. When unwary users
download one of these files, instead of music they will actually be
installing a copy of the worm.

It is not just celebrities that
have been used by malware. Saddam Hussein and Osama bin Laden, for
example, have been used by several variants of the Bobax family in
order to spread. "Even Adolf Hitler has been used by malware creators
to distribute malicious code. The malware in question, Saros.C, is a
worm that has also used figures such as Bill Gates or Pamela Anderson",
says Corrons.

Fictional characters also make an appearance. One
of the most frequently used is Harry Potter, whose name has been used
to distribute worms such as Hairy.A or Harrenix.A. Even Mario Bros and
Lara Croft, from the famous videogames, have recently been recruited by
malicious code (RogueMario.A and Downloader.PSJ) in order to spread.

"For
this reason users should be wary about seemingly attractive items that
arrive via email or instant messaging, and delete these types of
messages without opening files or clicking on links", advises Corrons.