Digitally ugly for sure, the point is that this malware campaign has been spreading pretty rapidly over MSN and AIM as of recently, and with its success rate so efficiently infecting new hosts, that going through chat logs indicates the botnet master's will to stop spreading it as there are simply too many hosts getting infected faster than he had anticipated at the first place. Ironic, but a perfect example of what happens once the entry barriers into a certain market segment of the IT underground have been lowered to the stage where, it's not about having the capabilities, but the motive to embrace the success rate, like this case.
Botnet masters are also masters in social engineering. Apparently, the success rate for this campaign is so high due to its social engineering tactic, which in this case is to establish as many touch points with the potential victim as possible, and also, entice clicking on a commonly accepted as harmless .php file followed by the victim's username in a username@hotmail.com fashion.
What you see is not always what you get, especially with more and more droppers requesting other malware with image file extensions, which gets locally saved in its real nature - %Windir%\Media\System.exe for instance.
No comments:
Post a Comment