Malware week in review: social networking and hot chick video worms
This week’s PandaLabs report looks at the Boface.A worm, and the Nabload.DIK TR and Exchanger.T Trojans. Boface.A spreads through social networks (MySpace and Facebook) by publishing comments that seem to refer to YouTube videos, but actually take users to web pages where they will get infected.
To do this, the worm inserts a link in comments posted on both networks that takes users to a fake web page resembling the actual YouTube site. When users try to watch the video, they are encouraged to install the latest Flash Player version. If they do so, however, they will actually be letting a copy of the worm onto their computers.
Nabload.DIK tries to trick users by playing a video of the Playboy girl Kelly Key while it downloads banker malware in the background in order to run and install it on the infected system. Once installed on the computer, the process.exe and orkut.exe files run silently, waiting to collect the user’s banking data.
Nabload.DIK uses the following link to avoid raising suspicion while the infection takes place.
Exchanger.T is a Trojan that reaches systems via email in messages like these: “Madonna admits to extra marital affair”, “Dog killed by stray golf ball”, “McCain goes out on negative campaign against Obama”, etc.
These messages include a link to a URL that supposedly takes victims to the news story. On accessing it, however, users are advised to download an Adobe Flash Player update to watch it. In doing so, the user will actually install Trj/Exchanger.T, a Trojan designed to download the Application/AntivirusXP2008 malware to the infected computer. This malware is a fake antivirus (“Antivirus XP 2008”) which sends out spam messages to spread the infection.