(Photos are taken from the slideshow attached to the Trojan)
With all the press coverage the Beijing Olympics is currently receiving, it doesn’t surprise us that malware authors are using it as a way of spreading their parasites. Today, around the time of the opening ceremony, we received a sample in the Aylesbury research lab that purported to be a set of images showing the amazing architectural feats of the venues.
While you view the slideshow, your machine is infected by a classic BackDoor-CKB. The original dropper, an executable that tries to pass as a PowerPoint presentation by imitating its icon, copies 81.dll and wuauct.exe to the machine and launches a PowerPoint slideshow to disguise its background activity. The server with which the backdoor communicates appears to be located in the city of Henan (in the region of Shanxi, China).
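A defender-side triage check for the pattern described above, added here as an example and not taken from the original post or from any vendor tooling. It flags executable content behind a presentation-style name and file names one edit away from a real Windows binary (wuauct.exe differs from the Windows Update client wuauclt.exe by one letter); the comparison list, the sample bytes and the sample file names are constructed for the example.

```python
import struct

# Legitimate Windows binary names to compare against (list assumed for this example).
KNOWN_SYSTEM_NAMES = ["wuauclt.exe", "svchost.exe", "explorer.exe", "lsass.exe"]
PRESENTATION_EXTS = (".ppt", ".pps")  # substring match also covers .pptx/.ppsx

# Constructed samples: a 68-byte stub carrying only the two PE signatures, and the
# OLE2 compound-file magic that starts a genuine legacy .ppt/.pps file.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
REAL_PPS = bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 64

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        diag, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            diag, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, diag + (ca != cb))
    return row[-1]

def lookalike(name: str):
    """Return the known system name that is exactly one edit from `name`, else None."""
    n = name.lower()
    for known in KNOWN_SYSTEM_NAMES:
        if edit_distance(n, known) == 1:
            return known
    return None

def triage(name: str, data: bytes) -> list:
    """Flag executable content behind a presentation name, and look-alike file names."""
    findings, lower = [], name.lower()
    if is_pe(data):
        if any(ext in lower for ext in PRESENTATION_EXTS):
            findings.append("PE executable with a presentation extension in its name")
        elif not lower.endswith((".exe", ".dll", ".scr")):
            findings.append("PE executable under a non-executable name")
    target = lookalike(name)
    if target:
        findings.append(f"name is one edit away from {target}")
    return findings

if __name__ == "__main__":
    for sample in (("venues.pps.exe", FAKE_PE), ("wuauct.exe", FAKE_PE), ("venues.pps", REAL_PPS)):
        print(sample[0], "->", triage(*sample) or "no findings")
```

A dropper that keeps a plain .exe name and relies only on its icon passes the first check, so content-type inspection at the mail gateway still has to treat any PE attachment as executable regardless of how it is presented.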
We want to remind all our readers to be vigilant and cautious when checking emails that attempt to attract attention to high-profile events. If you do receive any suspicious emails, please find details on how to submit a sample here. We wish all your countries the best of luck in the competition.