Online Forum 4chan Under Attack Via New Technique of Malware Obfuscation

MMPC or the Microsoft malware Protection Center, the software company Microsoft's Internet software security wing reports that they've detected one new method of obfuscating malware that is being used against 4chan an online forum.

Explains the Center that the attack based on social engineering starts with the computer operator getting a 'Portable Network Graphics' (.PNG) file, which compresses its data as an image that's pretty harmless.

Interestingly, MMPC states that an end-user may do as per what is directed within the .PNG file and save the resultant content in the form of a .BMP i.e. bitmap file showing an .HTA extension. Consequently, as characteristic of .BMP files, the new file will get decompressed. Thereafter, it's disclosed that there will appear an image inside the file along with a JavaScript and a couple of executable files.

On investigating, the security researchers at Microsoft observed that they seemingly found the process as part of the evolutionary procedure of an exploit called 4chan.js. Moreover, the situation they noted depended on an end-user's faith in image files as well as his unfamiliarity about 'HTML Application' or .HTA files.

Michael Johnson an MMPC member while describing the malware assault that the Microsoft researchers identified stated that the JavaScript already mentioned was detected as Trojan:JS/Chafpin.gen!A. According to him, the MMPC team had currently witnessed 3 variants of the Trojan following the development of the malware creators' techniques. Softpedia.com published this on August 10, 2010.

Meanwhile, staff members of 4chan seeking to prevent the assaults are now deleting the numerous fake topics that the malware created. Nonetheless, the threat isn't occurring for the first time. The earliest assault based on social engineering that used this technique happened way back in 2008. Since then a number of mutations have occurred, according to the MMPC.

Says Johnson, the MMPC advises users that they shouldn't follow any direction accompanying a random graphic before them. Moreover, this should be particularly so when the directions involve changing the file to a random format and subsequently executing it. Indeed, the Center advises users not to execute arbitrary .HTA files under any circumstance, the MMPC researcher tells.

Related article: Online Card Fraud Shows Greater Tendency Than Chip and Pin

» SPAMfighter News - 8/18/2010