2007.02.16
Malware on the Fly
Apparently, rogue servers listening on the p2p Kad network intercept the search terms of queries and generate on the fly appropriate file names linking to files that contain malware.
For example, a random search term, like "give me malware", will return the following file names.
give me malware_fastest_BitTorrent_downloader.exe
give me malware_Web_Hottest_Videos_Personal_Player.exe
give me malware_ShareAccelerator.exe
give me malware_using_emule_multimedia_toolbar.zip

As the image below demonstrates, the availability of these files is also doctored to look artificially high. (Yes, I know that one shouldn't use unknown servers.)
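As an added illustration (not code from the original post), a small Python check for the pattern described above: result names that are the verbatim query with a "_suffix.exe/.zip" glued on, all reported with uniform, high availability. The sample result list, the source counts and the thresholds are constructed assumptions.

```python
import re

# Constructed sample of Kad search results for the query quoted in the post.
# Each entry is (file name, reported number of sources); counts are made up.
QUERY = "give me malware"
RESULTS = [
    ("give me malware_fastest_BitTorrent_downloader.exe", 412),
    ("give me malware_Web_Hottest_Videos_Personal_Player.exe", 398),
    ("give me malware_ShareAccelerator.exe", 405),
    ("give me malware_using_emule_multimedia_toolbar.zip", 410),
    ("Give Me Malware - talk notes (2006).pdf", 3),  # constructed ordinary hit
]

# Extensions that execute directly or unpack to something that does.
RISKY_EXT = re.compile(r"\.(exe|zip|scr|com|bat|pif)$", re.IGNORECASE)


def is_generated_name(query, name):
    """True if the name is the verbatim query followed by '_suffix.ext'.

    Genuinely shared files rarely begin with a multi-word search string
    copied exactly (spaces included) and joined to a generic suffix by '_'.
    """
    return name.startswith(query + "_") and bool(RISKY_EXT.search(name))


def flag_results(query, results):
    """Return names that look like on-the-fly generated malware links.

    Two signals from the post are combined: the name is the query plus a
    suffix, and the reported availability of those hits is uniformly high,
    which a handful of unrelated genuine files would not show.
    """
    generated = [(n, s) for n, s in results if is_generated_name(query, n)]
    if not generated:
        return []
    sources = [s for _, s in generated]
    spread = max(sources) - min(sources)
    # Thresholds are assumptions: "high" means at least 100 sources and
    # "uniform" means all counts within 10% of the largest one.
    doctored = min(sources) >= 100 and spread <= 0.1 * max(sources)
    if doctored or len(generated) >= 3:
        return [n for n, _ in generated]
    return []


if __name__ == "__main__":
    for name in flag_results(QUERY, RESULTS):
        print("suspicious:", name)
```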
Two virus scanners didn't find anything suspicious in the files. Specifically, I ran Clamwin and Vasilis Prevelakis's Symantec antivirus without obtaining any warnings. However, Panagiotis Louridas, running Avira AntiVir, succeeded in identifying two of the four malware programs:
viri/give me malware_ShareAccelerator.exe
    [DETECTION] Is the Trojan horse TR/Drop.HotWebBar.C
viri/give me malware_Web_Hottest_Videos_Personal_Player.exe
    [DETECTION] Contains signature of the dropper DR/WhenU.A.9

According to Avira, the two malware programs were added to the definition file on February 5th, 2007.
Moral: malware writers are getting increasingly sophisticated; antivirus programs are trailing behind.