A famous quotation from The Art of War is "If you know both yourself and your enemy, you will come out of one hundred battles with one hundred victories." A malware author following the principles of Sun Tzu might say "If you know both yourself and your victim and use social engineering, your piece of malware will infect hundreds and hundreds of computers." In fact, with increased security on the average user's machine (more secure operating systems, automatic security updates, pre-installed antivirus and antispyware, etc.), the "bad guys" are finding new tactics to get their insidious code to run on your machine. The new strategy revolves around giving users what they want. They will send you spam containing links to fake online businesses that sell Rolex watches. They will set up websites that promise free MP3s for download. They will even infect legitimate and popular websites in order to infect users via drive-by downloads (the Dolphin Stadium website earlier this year, the Bank of India website more recently).
The latest attempt to use social engineering is courtesy of the guys behind the Storm Worm botnet. In this Halloween week, America has an appetite for ghosts and ghouls, and that is what is on the menu today at http://216.xx.xx.200. The only thing is that the main course of "The Dancing Skeleton" (see screenshot below) comes with a side order of the malware that CA Anti-Virus and CA Anti-Spyware detect as Sintun AK. Unsuspecting visitors to that website will get infected either through a drive-by download, if their web browser's security settings are not up to date, or by downloading the executable linked on that webpage.
Websense security lab reports that this Trojan is also being emailed around as a Halloween greeting card. As always, beware of emails from senders you do not know and watch where you are surfing. Happy Halloween.