I love my job, and one of the main reasons is that everyday I see something new or at least different. I am always surprised on how the cybercriminals are able to adapt themselves and their creations to new technologies. Today I’ll show you the worm Spybot.AKB.

It spreads using P2P programs (copying itself to the usual sharedfolders with different names) and also via e-mail. The message it sends is a fake Twitter invitation:

Message sent by the worm
Message sent by the worm

If you run it (as sadly a huge percentage of users would do) it will install an extension for Firefox and Google Chrome browsers:

Malicious Firefox Extension
Malicious Firefox Extension

This extension will redirect your browser to different websites, if some of the following words is used while searching:

A: Airlines, Amazon,Antivir, Antivirus.

B: Baseball, Books.

C: Casino, Chrome, Cialis, Cigarettes, Comcast, Craigslist, Credit.

D: Dating, Design, Doctor.

E: Explorer

F: Fashion, Finance, Firefox, Flifhts, Flower, Football

G: Gambling, Gifts, Graphic.

H: Health, Hotel.

I: Insurance, Iphone.

L: Loans.

M: Medical, Military, Mobile, Money, Mortgage, Movie, Music, Myspace.

O: Opera.

P: Pharma, Pocker.

S: School, Software, Sport, Spybot, Spyware.

T: Trading, Tramadol, Travel, Twitter.

V: Verizon, Video, Virus, Vocations.

W: Wallpaper, Weather.

More information is available in the Encyclopedia.