Top malware topics: The Da Vinci code and the 2006 World Cup

In the first half of 2006 we have witnessed numerous examples of phishing attacks, viruses, spyware, banker Trojans, etc. But above all, two events stood out and attracted the attention of users worldwide: a possible virus for cellphones that uses the Da Vinci Code as bait and the 2006 World Cup finals in Germany.

The first case hit the headlines on May 24, when Indian media reported the infection of a cellphone. Mridul Sharma, while giving a corporate presentation, had received a message on his phone: “Receive message via Bluetooth from Da Vinci Code?”

Thinking it might be an MMS clip or a still related to the film, he didn’t think twice: he accepted the message. His telephone immediately lost all its data and ceased to work. The screen just displayed an image of a pupil with a cross reflected in it.

The news spread around the globe, arousing the interest of users. However, despite all the attention, it has yet to be confirmed whether this was real or not, as the antivirus community has not received a sample or been able to analyze it.

On the other hand, the opening ceremony of the XVIII edition of the FIFA World Cup finals took place in Munich, Germany on June 9.

Use of the 2006 World Cup finals in social engineering techniques is nothing new; in fact, it had been going on for a long time before the event started. As early as May 2005, the Sober.V email worm included messages claiming to offer tickets to the games, in an attempt to get users to run an attached file. Other later variants also used this theme.

At the beginning of May 2006, a backdoor Trojan belonging to the Haxdoor family was being distributed widely via email. The message, written in German, used the World Cup finals as bait, supposedly giving access to a program that offered real-time information about matches of the team selected by the user. No vulnerabilities or advanced techniques were used; the Trojan was simply downloaded from the Internet and run by the user.

At the end of May, we once again encountered a veteran threat. PandaLabs detected the propagation of three different variants of the Banwarum email worm. These variants of Banwarum are really no different from other worms in existence: they create Windows registry entries to ensure they are executed automatically; they access several URLs to download malware; they spread via email to addresses gathered from the infected computer but avoiding those related to security companies… Nothing out of the ordinary so far.

However, the email messages themselves (crucial in order for the worm to spread widely) also exploit the subject of the World Cup finals, offering free tickets for games. And once again, with messages written in German. Perhaps this last factor explains the limited number of users who were affected by Banwarum.

Finally, on June 20, Sixem.A, another email worm using this theme, was detected. The messages, written in English, make no direct reference to the matches or to tickets. In fact, they refer to photographs of violent abuse of adolescents or a nudist World Cup.

These kinds of subjects are often used to propagate emails carrying Trojans. Other recent subjects used for this kind of social engineering include: photographs of Milosevic, of Michael Jackson during his trial, latest news about Arafat, etc.

Source: Panda Software.
