Your guilty conscience could get you pwned

Posted by William McBorrough, MSIA, CISSP, CISA, CRISC, CEH | News | Thursday 4 February 2010 12:18 pm

From Trend Micro Countermeasures Blog:

I just received an from some guy called Willie Hickey. Aside from having an extremely amusing name, Mr. Hickey was offering me some very urgent advice[..]

The message reads…

“Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent a link of them to all ur friends. I have already replied back. Said, that he is an idiot. See the link:”.

This little piece of is obviously designed to arouse fear and doubt in the recipient; “Oh no, not those photos, the zookeeper promised he would destroy the negatives.”
Don’t be tempted though to click the link. There are no photos, there is no Willie Hickey.
The link leads to a malicious JavaScript which redirects the browser to a Russian IP address where multiple PDF exploits and an ActiveX exploit are used to push out a variant of the ZeuS crimeware. The sample itself has very low detection rates with only 9 out of 40 detections on VirusTotal.

http://countermeasures.trendmicro.eu/your-guilty-conscience-could-get-you-pwned/

About: William McBorrough, MSIA, CISSP, CISA, CRISC, CEH:
William J McBorrough is a Expert with many years of success Managing, Designing, and Implementing medium and large enterprise Physical and Information Technology Solutions. His experience spans the spectrum from small e-commerce start-ups to multi-campus state and federal agencies to global financial sector organizations. He is on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College where he conducts research and teaches graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information and assurance. He holds a Bachelors of Science in Computing Engineering with a concentration in digital networks and a Masters of Science in Information and Assurance. He is a Certified Information Systems Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Information System Control (CRISC), and Certified Ethical Hacker (CEH). He is well versed in personnel, systems and network security management. His core competencies include developing cost-effective solutions to enable mission assurance in the following areas: Enterprise Management, IT Governance, Security Organization Development, Information Security and Assurance.
Website: http://www.linkedin.com/in/mcborrough