Malware in Disguise of Celebrity Videos
Symantec has discovered many fake blogs that claim to contain a 'home sex movie' made by Cecilia Cheung and Edison Chen, film stars from Hong Kong. The fake blogs are also being advertised through spam comments on forums.
When a user opens one of these websites, he is prompted to download an updated version of a 'Video ActiveX Object' in order to play the video. As soon as he clicks to download the video file, a setup.exe file, which is actually a malicious file called Trojan.Zlob, is downloaded onto the system. Symantec detects this malicious file. Trojan.Zlob gives the attacker a way into the visitor's computer. Once in, it modifies basic computer settings and changes certain files. It starts automatically when Windows starts up and hides its activity by embedding its code into explorer.exe.
Once remote connections are made, the malware lets the attacker download and install additional software, manage the entire computer and execute commands. The technique is completely new in the sphere of social engineering attacks and is known as 'fake codec' fraud. The scam tells users to download video translators and new plug-ins in order to view the movie files. These codecs are Trojans in disguise and install malware onto the user's computer.
Silas Barnes, a Symantec researcher, stated in the company blog, as reported by Symantec on February 12, 2008, that using counterfeit ActiveX video objects and codecs is an old concept and that the best protection against them is learning about them.
Barnes further stated that innocent people can be tricked by various types of attractive malicious code that are not restricted to a specific genre. Users who are wary of malware and the threat it poses can stop it from harming their computers.
Antivirus analysts from BitDefender have discovered a new spam botnet. It leads users to a malware-hosting website that claims to offer explicit videos of well-known celebrities such as Britney Spears and Paris Hilton, as reported by Marketwire on 5th February, 2008.
» SPAMfighter News - 20-02-2008