In this post we are going to prepare a cocktail using 4 ingredients.
Weâ€™ve called it MySecuWaloader. Now youâ€™ll find out why.
First of all, put into the cocktail shaker a BlackHat SEO attack together with a sample of rogueware and see the result:
If you search for any the following group of keywords related to the recent UK elections, you can come across malicious websites:
uk election news
british election 2010
british election results
uk general election 2010
british election 2010 since 1945
uk election results map
uk election results wiki
uk election results 2009
uk election results 2005
uk election results 2001
uk election results 1992
uk election results 1997
british election 2010 date
uk election results history
uk election polls
The results displayed can redirect you to web pages from which the fake antivirus detected as Adware/MySecurityEngine can be downloaded.
But, there are still more ingredients to add; letâ€™sÂ mix a greeting card and another sample of rogueware, and this is the result:
Adware/DesktopSecurity2010, a fake antivirus that passes itself off as a greeting card and that reaches the computer in an email like the following:
We’ve detected that Adware/DesktopSecurity2010 is using Google Groups users (created with this purpose) to be distributed.
The following are some examples of malicious usernames:
The name of the malicious file is also SETUP.ZIP.
Letâ€™s go on with more ingredients: mix an iTunes gift and a Banker Trojan and weâ€™ll obtain a delicious Sinowal.XAL, designed to steal banking information.
It reaches the computer in an attached file which seems to contain a $50 gift to spend in your iTunes account:
And the last ingredient of this cocktail is a curriculum vitae and a Trojan, mix it and youâ€™ll obtain a Downloader.XPP.
It reaches the computer in a message like the following and once installed in the computer, it starts downloading other samples of malware:
If we shake this cocktail shaker with all these ingredients inside, it will probably explode, so I wonâ€™t do it just in case 😉