PandaLabs Reports on the Use of Famous Names as Bait to Spread Malware

Using famous names as bait to spread malware is becoming increasingly widespread. The names used normally relate to people who, for one reason or another, are currently in the news. In recent months, several names of well-known people have been used by cyber-crooks to trick users.

George Bush, the US President, appears frequently according to PandaLabs. Worms such as MSNDiablo.A, Nuwar.A and Wapplex.C all spread via email or IM in messages offering users caricatures or videos of President Bush.

A lot of malware typically employs a more seductive approach. The Piggy.A worm, for example, spread in messages claiming to offer photos of celebrities such as Carmen Electra or Britney Spears, while the Haxdoor.PL backdoor Trojan claimed to offer users pictures of Angelina Jolie and Nicole Kidman naked. Another worm, Mops.A, enticed users with Paris Hilton and Nicole Richie.

"This is a typical social engineering technique. Users are persuaded to open an enticing file containing malware or to click on a link pointing to an infected file, in this case with the bait of celebrities? pictures", explains Luis Corrons, Technical Director of PandaLabs.

Music has also been used in social engineering. TelnetOn.A is one of the most notorious 'musical worms' that spreads through P2P programs. It does this by copying itself to shared folders under names such as Eminem.exe, Evanescence.exe or Linkin Park.exe. When unwary users download one of these files, instead of music they will actually be installing a copy of the worm.

It is not just celebrities that have been used by malware. Saddam Hussein and Osama Ben Laden, for example, have been used by several variants of the Bobax family in order to spread. "Even Adolf Hitler has been used by malware creators to distribute malicious code. The malware in question, Saros.C, is a worm that has also used figures such as Bill Gates or Pamela Anderson", says Corrons.

Fictional characters also make an appearance. One of the most frequently used is Harry Potter, whose name has been used to distribute worms such as Hairy.A or Harrenix.A. Even Mario Bros and Lara Croft, from the famous videogames, have recently been recruited by malicious code (RogueMario.A and Downloader.PSJ) in order to spread.

"For this reason users should be wary about seemingly attractive items that arrive via email or instant messaging, and delete these types of messages without opening files or clicking on links", advises Corrons.

write your comments about the article :: 2007 Computing News :: home page