VB 2011 conference used to spread malware

Sabina DATCU

October 07, 2011

Big events are always a good occasion to stir people's interest and curiosity – the key triggers for spreading malware. A new product launch, a long-awaited show or even a technology conference works just as well. The funny thing is that somebody in the cybercrime business thought it would be a good idea to exploit nothing less than… this year's edition of the Virus Bulletin conference, which is underway in Barcelona.

A major event in the antimalware industry, the VB International Conference gathers each year some of the most important names in IT&C security, with speakers ranging from “dedicated anti-malware researchers to security experts from government and military organizations, legal, financial and educational institutions and large corporations worldwide”. It gets great media coverage and probably some gazillion posts on social networks.

This provided the “bad guys” with a great opportunity – to broadcast Twitter messages that purport to deliver breaking news about the conference but serve real-deal malware instead, via shortened URLs, as you can see in the screenshot below.

Fig. 1 – Tweet about alleged VB news sending the inquisitive users towards malware.

What hides behind the shortened URL? A malware cocktail of a Trojan downloader and an installer. The downloader – hidden under the name VB2011.exe (see the image below) – injects itself into the SVCHOST.EXE process and attempts to download another file called Installation.exe.

Fig. 2 – The Trojan downloader disguised as the executable VB2011.exe.
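
A defender-side check for the delivery path described above, as an added example that is not part of the original article: it walks a shortened link's redirect chain one hop at a time and flags links that end in an executable download. The `.example` hosts and their responses are constructed, and `head` is a hypothetical callable standing in for an HTTP HEAD request that does not follow redirects.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
EXEC_EXT = (".exe", ".scr", ".msi")
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec"}

def expand(url, head, max_hops=5):
    """Follow redirects hop by hop; head(url) returns (status, headers)."""
    chain = [url]
    while True:
        status, headers = head(chain[-1])
        target = headers.get("location")
        if status not in REDIRECTS or not target:
            return chain, headers
        nxt = urljoin(chain[-1], target)  # Location may be relative
        if nxt in chain or len(chain) > max_hops:
            raise ValueError("redirect loop or chain too long: " + nxt)
        chain.append(nxt)

def assess(url, head):
    """Expand a link and list the reasons its final target looks executable."""
    chain, headers = expand(url, head)
    reasons = []
    if urlsplit(chain[-1]).path.lower().endswith(EXEC_EXT):
        reasons.append("final path has an executable extension")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype in EXEC_TYPES:
        reasons.append("content-type " + ctype)
    disp = headers.get("content-disposition", "").lower().strip().rstrip('";')
    if disp.startswith("attachment") and disp.endswith(EXEC_EXT):
        reasons.append("attachment with an executable file name")
    return {"chain": chain, "block": bool(reasons), "reasons": reasons}

# Constructed responses with lowercase header names; .example hosts are placeholders.
SAMPLE = {
    "http://short.example/vbnews": (301, {"location": "http://news.example/vb2011"}),
    "http://news.example/vb2011": (302, {"location": "/files/VB2011.exe"}),
    "http://news.example/files/VB2011.exe": (200, {"content-type": "application/x-msdownload"}),
    "http://short.example/agenda": (301, {"location": "http://conf.example/agenda.html"}),
    "http://conf.example/agenda.html": (200, {"content-type": "text/html; charset=utf-8"}),
    "http://short.example/dl": (302, {"location": "http://cdn.example/get?id=1"}),
    "http://cdn.example/get?id=1": (200, {"content-type": "application/octet-stream",
        "content-disposition": 'attachment; filename="Installation.exe"'}),
}
fake_head = SAMPLE.__getitem__  # production: an HTTP HEAD that does not follow redirects

if __name__ == "__main__":
    for link in ("http://short.example/vbnews", "http://short.example/agenda"):
        print(assess(link, fake_head))
```

The third constructed link shows why the check also reads `Content-Disposition`: the final URL carries no file extension, yet the response still hands the browser an executable.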

 

Once launched, the installer can't be terminated and brings even more nasty files onto the compromised machine by connecting to additional malware-hosting domains. During installation, it opens numerous adware, gameware and porn pages in the Internet Explorer® browser, while also creating desktop shortcuts to these pages.

As always, users of Bitdefender security products need not worry. If you don't have an antimalware product already installed, try – free of charge for 30 days – Bitdefender Total Security 2012.

 

Safe surfing everybody!

The malware descriptions in this article are provided courtesy of Doina Cosovan and Razvan Benchea, BitDefender Online Threats Researchers.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
