About Me

Gaith Taha

Gaith Taha

Read More

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

A parallel Olympics for malware started today

Friday, August 8, 2008 at 6:42am by Gaith Taha
Gaith Taha


(Photos are taken from the slideshow attached to the Trojan)

With all the press coverage the Beijing’s Olympics is currently receiving, it doesn’t surprise us that malware authors are using it as a way of spreading their parasites. Today around the time of the opening ceremony we received a sample in the Aylesbury research lab, which proclaimed to be a set of images which showed the amazing architectural feats of the venues.

While viewing the slideshow your machine would be infected by a classic BackDoor-CKB. The original dropper [executable] which tried to imitate a PowerPoint presentation icon, copies 81.dll and wuauct.exe and launches a PowerPoint slideshow to disguise its background activity. The server which the backdoor communicates with appears to be located in the city of Henan (in the region of Shanxi, China).

We want to reiterate to all our readers to be vigilant and cautious while checking emails that attempt to attract attention to high-profile events. If you do receive any suspicious emails, please find details on how to submit a sample here. We wish all your countries the best of luck in the competition :D

Bookmark and Share

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

 

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (1)

  • Sue Hermesdorf August 11, 2008 7:31AM

    Just got a call from my brother about his computer crashing because of this exact thing described here. He is an astrophysicist & a computer guru & is VERY cautious about clicking on emails, but had been tracking the Olympics & this one just caught him totally off guard. He said it is the WORST crash he has ever experienced. After he called me I started researching to see if I could find anything about CNN or the Olympics in connection with email viruses and that is how I found this information. Thanks – but wish we had been sent emails about it warning us.

    Reply