Legitimate Screensavers Used in Malware Attacks
Malware writers turn to all kinds of techniques in order to trick people, infect their computers and reach their goal, no matter if we're talking about stealing some
data or just luring them on malicious websites. As part of their latest attempt, attackers who built rogue security applications even implemented legitimate software supposed to make the data more credible. For instance, Paolo Palumbo of McAfee writes about a malware sample which came with a legitimate screensaver informing him he got infected.
"So, we received a file named 4nlSkgZm.exe, which of course is a really dodgy filename, but we’ll pretend we didn’t notice. When I tried to run this file on my goat machine, it of course started installing itself and displaying the usual "you are infected" popups, but it also decided to be even more clear in telling me I was infected," the McAfee official wrote.
As mentioned, the malware replaced both the wallpaper and the screensaver in order to clearly show the user that he got infected with the indicated piece of malware. "The malware replaced my existing background with a dropped image, and then set my current screensaver to "blackster.scr" that was dropped too. It is interesting to note that the "blackster.scr" is a legitimate screensaver, and we are sure that the original author would never even imagine that his funny creation could be used like this!" Paolo Palumbo added.
This doesn't change too much the basic security measures which should be applied by all users out there because having legitimate software doesn't mean that anti-virus products won't be able to detect and block the infection. So, if you really wish to stay on the safe side, update the anti-virus to the latest definitions and don't forget to use the latest patches and fixes for the applications installed on the computer.
Credits: McAfee
data or just luring them on malicious websites. As part of their latest attempt, attackers who built rogue security applications even implemented legitimate software supposed to make the data more credible. For instance, Paolo Palumbo of McAfee writes about a malware sample which came with a legitimate screensaver informing him he got infected.
"So, we received a file named 4nlSkgZm.exe, which of course is a really dodgy filename, but we’ll pretend we didn’t notice. When I tried to run this file on my goat machine, it of course started installing itself and displaying the usual "you are infected" popups, but it also decided to be even more clear in telling me I was infected," the McAfee official wrote.
As mentioned, the malware replaced both the wallpaper and the screensaver in order to clearly show the user that he got infected with the indicated piece of malware. "The malware replaced my existing background with a dropped image, and then set my current screensaver to "blackster.scr" that was dropped too. It is interesting to note that the "blackster.scr" is a legitimate screensaver, and we are sure that the original author would never even imagine that his funny creation could be used like this!" Paolo Palumbo added.
This doesn't change too much the basic security measures which should be applied by all users out there because having legitimate software doesn't mean that anti-virus products won't be able to detect and block the infection. So, if you really wish to stay on the safe side, update the anti-virus to the latest definitions and don't forget to use the latest patches and fixes for the applications installed on the computer.
Credits: McAfee
Post a Comment