VB 2011 conference used to spread malware
Big events are always a good occasion to stir people's interest and curiosity – the key triggers to spread malware. A new product launch, a long-awaited show or even a technology conference could work as well. The funny thing is that somebody in the cybercrime business thought it would be a good idea to exploit no more, no less, than… this year's edition of the Virus Bulletin conference, which is underway in Barcelona.
A major event in the antimalware industry, the VB International Conference gathers each year some of the most important names in IT&C security, with speakers ranging from “dedicated anti-malware researchers to security experts from government and military organizations, legal, financial and educational institutions and large corporations worldwide”. It gets great coverage in the media and probably some gazillion posts on social networks.
This provided the “bad guys” with a great opportunity – to broadcast Twitter messages purporting to deliver breaking news about the conference, but serving real-deal malware instead via shortened URLs, as you can see in the screenshot below.
Fig. 1 – Tweet about alleged VB news sending the inquisitive users towards malware.
What hides behind the shortened URL? A malware cocktail of a Trojan downloader and an installer. The downloader – hidden under the name VB2011.exe (see the image below) – injects itself into the SVCHOST.EXE process and attempts to download another file called Installation.exe.
Fig. 2 – The Trojan downloader disguised as the executable VB2011.exe.
Once launched, the installer can't be terminated and brings even more nasty files onto the compromised machine by connecting to additional malware-hosting domains. During installation, it opens numerous adware, gameware and porn pages in the Internet Explorer® browser, while also creating desktop shortcuts to these pages.
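The behaviours described above (an executable written by svchost.exe, a burst of Internet Explorer windows opened by the installer, and new desktop shortcuts) can be correlated per host in endpoint telemetry. The following is an added example, not code from this article or from Bitdefender; the event schema, host names, file paths and thresholds are constructed assumptions.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

SVCHOST = r"C:\Windows\System32\svchost.exe"
INSTALLER = r"C:\Users\ana\AppData\Local\Temp\Installation.exe"  # constructed path
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"

# Constructed events in a simplified, assumed schema:
# "file" = file created by "image"; "proc" = "image" started by "parent".
EVENTS = [
    {"host": "pc1", "kind": "file", "image": SVCHOST, "target": INSTALLER},
    *[{"host": "pc1", "kind": "proc", "image": IE, "parent": INSTALLER}] * 3,
    {"host": "pc1", "kind": "file", "image": INSTALLER,
     "target": r"C:\Users\ana\Desktop\Free Games.url"},
    # Benign look-alikes on a second host: none of these should be flagged.
    {"host": "pc2", "kind": "file", "image": SVCHOST,
     "target": r"C:\Windows\SoftwareDistribution\Download\update.exe"},
    {"host": "pc2", "kind": "proc", "image": IE, "parent": r"C:\Windows\explorer.exe"},
]

def in_user_profile(path):
    return "\\users\\" in path.lower()

def findings(events, burst=3):
    """Map host -> sorted behaviour signals taken from the article's description."""
    hits, ie_spawns = defaultdict(set), defaultdict(int)
    for e in events:
        image = basename(e["image"]).lower()
        if e["kind"] == "file":
            target = e["target"].lower()
            # Downloader running inside svchost.exe writes the next-stage executable.
            if image == "svchost.exe" and target.endswith(".exe") and in_user_profile(target):
                hits[e["host"]].add("svchost_dropped_exe")
            # Installer creates shortcuts to the pages it opened.
            if ("\\desktop\\" in target and target.endswith((".lnk", ".url"))
                    and in_user_profile(e["image"])):
                hits[e["host"]].add("desktop_shortcut_by_user_exe")
        elif image == "iexplore.exe" and in_user_profile(e["parent"]):
            ie_spawns[(e["host"], e["parent"].lower())] += 1
    for (host, _parent), count in ie_spawns.items():
        if count >= burst:  # many browser windows opened by one user-profile binary
            hits[host].add("browser_burst_from_user_exe")
    return {host: sorted(signals) for host, signals in hits.items()}

def suspicious_hosts(events, min_signals=2):
    """Hosts showing at least min_signals distinct behaviours."""
    return sorted(h for h, s in findings(events).items() if len(s) >= min_signals)

if __name__ == "__main__":
    print(findings(EVENTS), suspicious_hosts(EVENTS))
```

Requiring two or more distinct signals per host keeps a single benign event, such as a Windows service writing an update binary, from raising an alert on its own.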
Safe surfing everybody!
The malware descriptions in this article are provided courtesy of Doina Cosovan and Razvan Benchea, BitDefender Online Threats Researchers.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.