Thursday, July 5, 2007

New celebrity phishing

Today I found an interesting, brand new (at least to me) infection vector. Usually when you are being phished, the attackers send you e-mails with the look & feel of some bank's website, trying to convince you that the site is authentic. But by now that trick is obvious, and people know what phishing e-mails look like.

This time I got a supposed video from a well-known magazine with the headline "Luis Miguel cheating on his wife", some pictures and three links to the "video". The "video" is a file named tvnotas.exe.

You may wonder why a victim would click on that link. Well, Luis Miguel is a famous singer in Mexico, one of the richest, and all the magazines and TV programs are always following his career and personal life (far beyond his public life). Maybe I'm not the target of this phishing, but I know a lot of people (mostly women) who would click before they finished reading "Luis Miguel"; you know, his wife is another beautiful woman, "Araceli Arámbula", and it would be embarrassing for him to be caught "in the act".

If you are curious about who Luis Miguel was supposedly kissing, it was "Jessica de Alba" (sic); I guess the phisher was referring to "Jessica Alba", the actress from Dark Angel and Fantastic Four.

After all this "background", I downloaded the tvnotas.exe trojan from www.nocleh.cz and uploaded it to VirusTotal (www.virustotal.com) to scan it. VirusTotal is a free public service in Spain; you can upload any file you like to have it scanned for viruses and malware.
Of the 30+ engines used at VirusTotal, just 6 reported anything, ranging from "suspicious file" to "Trojan/Delphi.Downloader.Gen"; Symantec and McAfee reported nothing.

What we can learn from this is not to blindly trust the antivirus. Every day, attackers are trying to fool you into clicking an image or link, with freshly programmed code waiting behind it. You might be convinced by a headline, download the file, run the antivirus, and as long as there are no alerts, double-click the file, and you are gone.
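As an added example (not part of the original post), here is a first-pass mail-gateway check in Python that does the two things this post argues for: it flags links whose target is an executable regardless of what the anchor text promises, and it treats a partial multi-engine detection as a reason to hold a file rather than as a clean bill. The e-mail body, host name and engine results are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions that a link advertised as a "video" should never resolve to.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Constructed sample modelled on the e-mail described above: three "video"
# links that all resolve to tvnotas.exe. The host is a placeholder.
SAMPLE_EMAIL = """<html><body><h1>Luis Miguel cheating on his wife</h1>
<a href="http://www.example.com/tvnotas.exe">Ver video</a>
<a href="http://www.example.com/video.avi.exe?id=2">Ver video</a>
<a href="http://www.example.com/TVNOTAS.EXE">Ver video</a>
<a href="http://www.example.com/index.html">Revista</a></body></html>"""

class _LinkExtractor(HTMLParser):
    """Collect (href, anchor text) pairs so the disguise is reported too."""
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._current = [href, ""]
    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None

def executable_links(html_body):
    """First-pass filter: links whose path ends in an executable extension.
    A download served without an extension or behind a redirect is missed."""
    parser = _LinkExtractor()
    parser.feed(html_body)
    hits = []
    for href, text in parser.links:
        path = urlparse(href).path.lower()      # query string is ignored
        ext = path[path.rfind("."):] if "." in path else ""  # ".exe" of "video.avi.exe"
        if ext in EXECUTABLE_EXTENSIONS:
            hits.append({"href": href, "text": text.strip(), "ext": ext})
    return hits

def scan_verdict(engine_results):
    """A low detection ratio on a fresh sample is expected, not reassuring: one
    engine flagging is enough to hold the file; zero flags is "undetected", not "clean"."""
    flagged = sorted(e for e, r in engine_results.items() if r)
    return {"action": "hold" if flagged else "undetected", "flagged": flagged, "engines": len(engine_results)}
```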

2 comments:

Alejandro Valenzuela said...

Oddly enough it was Panda that detected a suspicious file.
Panda is among the antivirus systems I trust the least... :P

Eduardo said...

Hehehe, now think about McAfee and Symantec; maybe other AVs would think of them as viruses (because of the resource sucking).