Malware peddlers are known for using news of unfolding events as lures to trick curious users into clicking on an offered malicious link. This practice is most often seen on Twitter, which is used by many to keep tabs on the latest happenings in the world.
One of the latest examples of this approach has taken advantage of users’ interest in news from the latest Virus Bulletin Conference that took place last week in Barcelona.
The link took them to a page serving a downloader Trojan (VB2011.exe) that tries to download another executable (Installation.exe).
According to Bitdefender, once this installer is launched, the process cannot be stopped, and the machine is then open to additional infection from malware downloaded from other malware-laden domains.
But this particular attack is anything but stealthy. While the installation is ongoing, the Internet Explorer browser is made to open a number of pages with adware, gameware and adult content, and shortcuts to those pages are also placed on the desktop.
Since most of the people who are interested in news from the VB Conference are likely to be security professionals or at least security-minded individuals, such a bombastic invasion is sure to be noticed and dealt with immediately.
To my mind, there are only two explanations: either the malware peddlers haven’t really thought this thing through, or the blustering approach is meant to hide the installation of a piece of malware they are sure won’t be detected by the majority of AV solutions out there.
Needless to say, I hope it’s the former.