Ancient Chinese belief has it that a lunar eclipse occurs because a great dragon swallowed the moon. People must therefore beat their mirrors (which represented the said celestial body) because doing so will cause the dragon to cough the moon out and return it to the sky.
In the age of Web threats, a lunar eclipse would mean a cybercrook “swallowing” an affected system to perform his bidding. No amount of mirror-beating will resolve that.
Yes, a total lunar eclipse happened just yesterday, and miscreants are already trying to take advantage of the event (not set to happen again until 2010) to lure users into downloading malware onto their systems.
TrendLabs has received samples of email messages promising a video of the eclipse. Below is a screenshot of one of these messages:
Once the user clicks on the link, however, a backdoor detected as BKDR_AGENT.AKJZ is downloaded instead.
This is yet another example of cybercriminals riding on interesting events in order to spread threats. Those who missed the event or were unable to see it in the first place for geographical reasons (i.e., if it happened during the day in one’s time zone) would probably be tempted to click the link. After all, such events happen rarely, but that does not mean we should throw all caution to the wind and click on suspicious links in email messages (or even in search results pages, for that matter, given the recent malicious SEO tactics).
Here’s a tip: there are two more eclipses in 2008. Again, not all may have the chance to see them, but best mark your calendars if you really want to see one. Solar eclipses are the best, by the way.