Panda Software Reports Subjects of Infamous IT Threats

August 2, 2006

In the first half of 2006 we have witnessed numerous examples of phishing attacks, viruses, spyware, banker Trojans, etc. But above all, two events stood out and attracted the attention of users worldwide: a possible virus for cellphones that uses the Da Vinci Code as bait and the 2006 World Cup finals in Germany.

The first case hit the headlines on May 24, when Indian media reported the infection of a cellphone. Mridul Sharma, while giving a corporate presentation, had received a message on his phone: “Receive message via Bluetooth from Da Vinci Code?”

Thinking it might be an MMS clip or a still related to the film, he didn't think twice: he accepted the message. His telephone immediately lost all its data and ceased to work. The screen just displayed an image of a pupil with a cross reflected in it.

The news spread around the globe, arousing the interest of users. However, despite all the attention, it has yet to be confirmed whether this was real or not, as the antivirus community has not received a sample or been able to analyse it.

On the other hand, the opening ceremony of the XVIII edition of the FIFA World Cup finals took place in Munich, Germany on June 9.

Use of the 2006 World Cup finals in social engineering techniques is nothing new; in fact, it had been going on for a long time before the event started. As early as May 2005, the Sober.V email worm included messages claiming to offer tickets to the games, in an attempt to get users to run an attached file. Other later variants also used this theme.

At the beginning of May 2006, a backdoor Trojan belonging to the Haxdoor family was being distributed widely via email. The message, written in German, used the World Cup finals as bait, supposedly giving access to a program that offered real-time information about matches of the team selected by the user. No vulnerabilities or advanced techniques were used; the Trojan was simply downloaded from the Internet and run by the user.

However, the email messages themselves (crucial in order for the worm to spread widely) also exploit the subject of the World Cup finals, offering free tickets for games. And once again, with messages written in German. Perhaps this last factor explains the limited number of users who were affected by Banwarum.

Finally, on June 20, Sixem.A, another email worm using this theme, was detected. The messages, written in English, made no direct reference to the matches or to tickets. In fact, they referred to photographs of violent abuse of adolescents or a nudist World Cup.

These kinds of subjects are often used to propagate emails carrying Trojans. Other recent subjects used for this kind of social engineering include: photographs of Milosevic, of Michael Jackson during his trial, latest news about Arafat, etc.

Social engineering techniques are still used for all types of cyber-crime and are particularly prevalent at this time of year. Users are advised to stay informed about the latest IT security news in order to avoid falling victim to these kinds of threats.
