Diomidis Spinellis blog dds logo

Malware on the Fly

 

Apparently, rogue servers listening on the p2p Kad network intercept the search terms of queries and generate on the fly appropriate file names linking to files that contain malware.

For a example, a random search term, like "give me malware", will return the following file names. 

give me malware_fastest_BitTorrent_downloader.exe
give me malware_Web_Hottest_Videos_Personal_Player.exe
give me malware_ShareAccelerator.exe
give me malware_using_emule_multimedia_toolbar.zip
As the image below demonstrates, the availability of these files is also doctored to look artificially high. (Yes, I know that one shouldn't use unknown servers.) malware search results

Two virus scanners didn't find anything suspicious in the files. Specifically, I run Clamwin and Vasilis Prevelakis Symantec antivirus without obtaining any warnings. However, Panagiotis Louridas running Avira AntiVir suceeded in identifying two of the four malware programs: 

viri/give me malware_ShareAccelerator.exe
[DETECTION] Is the Trojan horse TR/Drop.HotWebBar.C

viri/give me malware_Web_Hottest_Videos_Personal_Player.exe
[DETECTION] Contains signature of the dropper DR/WhenU.A.9
According to Avira, the two malware programs were added to the definition file on February 5th, 2007.

Moral: malware writers are getting increasingly sophisticated; antivirus programs are trailing behind.

Comments   Toot! Share

Navigation
blog contents
dds blog
dds home
comments
« How to Embed Citations in Diagrams
» A Peek at Beautiful Code
Tagged as


Become a Unix command line wizard
edX MOOC on Unix Tools: Data, Software, and Production Engineering
Debug like a master
Book cover of Effective Debugging
Compute with style
Book cover of The Elements of Computing Style
Syndication
This blog is also available as an RSS feed:

Recent posts
Twitter's overrated dissemination capacity (2023-04-02)
The hypocritical call to pause giant AI (2023-03-30)
AI deforests the knowledge’s ecosystem (2023-03-16)
How I fixed git-grep macOS UTF-8 support (2022-10-12)
The sorry state of software quality (2022-03-10)
Rather than alchemy, methodical troubleshooting (2021-11-27)
The Evolution of the Unix System Architecture (2021-06-18)
Reviving the 1973 Unix text to voice translator (2021-01-02)
Fast database UPDATE/DELETE operations (2020-12-10)
Raspberry Pi 400 vs ZX Spectrum (2020-11-02)

Last modified: Friday, February 16, 2007 12:40 am

Creative Commons Licence BY NC

Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.