Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    August 2014
    S M T W T F S
    « Jul    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • About Us


    After a malware dubbed as the “Obama worm” was found circulating within an Illinois elementary school’s network, security researchers traded opinions on the threat it brings about.

    Most reports mainly circulated on the issue of whether the file was malicious or not, considering that it has no malicious payload other than showing the following image of the president:


    Figure 1. Image of Barack Obama used in online computer prank

    However, we find it more interesting how these reports are leaning towards the conclusion that a student in the affected school may have triggered the “attack,” and that it may have been done through playing around with a malware kit. In analyzing the reports we have come up with following insights:

    1. Crediting the incident to a script kiddie may come as no surprise, but the fact that the setting involved is an elementary school makes things different. The idea of a grade school student having the capability of launching such an attack is downright scary. This is a reminder of how easy it can be to obtain tools needed to create a ‘decent’ malware.

    2. Also, despite handling relatively non-critical data, it is important to stress that computers in schools need as much protection as with any other computer network. These systems are used by numerous students everyday, thus calling the need for protection from threats.

    3. The malware involved in the incident is considered more of a nuisance due to its lack of malicious routines. Still, it pays to see through the “non-malicious” nature of this attack and reveal their potential to be a far more dangerous threat. The Smart Protection Network has accomplished this, initially detecting the code as MAL_OTORUN.

    The malicious file is now detected as WORM_KARAB.A.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice