Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Targeted Attacks

  • Recent Posts

  • Calendar

    March 2015
    S M T W T F S
    « Feb    
    1234567
    891011121314
    15161718192021
    22232425262728
    293031  

  • Email Subscription

    • About Us
    blog.trendmicro.com Sites > TrendLabs Security Intelligence Blog > Bad Sites > FIFA and Gaza Attack Tweets Dump Backdoors

    What do the “FIFA World Cup” and Gaza attack have in common? They are both currently being used as social engineering ploys by a couple of malware campaigns seen on Twitter. TrendLabsSM senior threat researcher Ivan Macalintal spotted several malicious programs being distributed via the popular microblogging site. These malware campaigns take advantage of noteworthy events to lure users into clicking malicious links in Tweets.

    The first malware run makes use of the upcoming FIFA World Cup (set to see record levels of global interactivity according to CNN) by sending the following Tweet:

    Clicking the link leads users to download a copy of a backdoor detected as BKDR_BIFROSE.SMK, which connects to IP addresses that allow a remote user to perform malicious activities on affected systems. These activities include sending and receiving files, keylogging, and retrieving user names and passwords. It also has rootkit capabilities, which enable it to hide its processes and files from its victims.

    The second campaign, on the other hand, sends out the following Tweet related to the Gaza attacks:

    This time, the malware that is downloaded from the link is BKDR_BIFROSE.PAB, which opens a hidden Internet Explorer (IE) window and opens TCP port 788 to listen for commands from a remote malicious user who may initiate a denial-of-service (DoS) attack to target systems using specific flooding methods.

    Trend Micro™ Smart Protection Network™ protects users from these threats by detecting and deleting BKDR_BIFROSE.SMK and BKDR_BIFROSE.PAB via the file reputation service. Users must also be wary of and double-check shortened links in microblogging site updates.

    The “FIFA World Cup” is an incredibly popular global event that has already moved opportunistic cybercriminals into action as seen in the following previous posts:

    The past couple of months proved to be no safer for microblogging (i.e., Twitter) users either as seen in:





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Friday, June 4th, 2010 at 9:33 pm and is filed under Bad Sites, Malware, Spam . Both comments and pings are currently closed.





     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice