Hackers use 'dead' celebrities in Zeus botnet attack

Tom Cruise 'dead' message tricks users into infecting themselves with malware

Article comments

Hackers are using tales of dead celebrities to build out Zeus botnets by duping users into compromising their own PCs, security experts said today.

The list of celebrities, actors and singers for the most part, with an occasional sports star tossed in, range from Jennifer Anniston and Tom Cruise to Kanye West and Jay Z, said Symantec.

Dead celeb tales are being used to trick users into infecting themselves with malwareAccording to the spam that carries the malware, the personalities perished along with 34 others when their aircraft crashed into a mountainside during a landing. Later, the hackers changed the campaign to claim that the celebs were killed in car accidents.

The messages are accompanied by a .zip file attachment. If the recipient opened the archive file and then launched the resulting executable, her machine was hijacked by the Zeus Trojan and added to the growing botnet.

Using stars as bait is an old trick for malware makers, admitted Marc Fossi, the director of Symantec's security response team. "[But] this is a fairly heavy run. We've seen the .zip attachment rate double over the last couple weeks," Fossi said in an instant message interview.

Earlier this month, Symantec said the percentage of spam sporting .zip file attachments soared to 13%, a seven-fold jump over the rate just three weeks before.

Rival McAfee, the security firm that just agreed to be acquired for nearly $8 billion by Intel, also reported on the spike in Zeus attacks using celebrity fatalities as a draw. McAfee noted that the accounts of the demise of Beyonce or Bon Jovi, Johnny Depp or Justin Timberlake, were identical to the real-life airplane crash that claimed the life of then-US Commerce Secretary Ron Brown in 1996.

In that crash, Brown and 34 others died when their US Air Force aircraft hit a mountain while on approach to a Croatian airport.

Fossi said it was likely that a single group or even person was responsible for the campaign, citing the rapid rise in attacks as evidence. He also speculated that the increase in Zeus-based malware campaigns may be due to the recent release of a new version of the popular do-it-yourself crimeware kit.

"A newer version of the kit was released in the last while, [and] that could mean the price of the original dropped, allowing more people to get into the scene," Fossi said.

Last March, Zeus' makers added Microsoft-like anti-piracy technology to lock the software to a single machine, much like Windows' product activation fixes a copy of the operating system to a specific PC. At the time, researchers saw the move as a way for Zeus' creators to stablize the kit's price tag, estimated at between $3,000 and $4,000 for the basic edition.

Zeus was first uncovered in late 2007 by SecureWorks researcher Don Jackson, and has been tagged as the malware most-used by criminals specializing in financial fraud.

Photo courtesy of Caroline Bonarde via Flickr under the Creative Commons Attribution 3.0 Unported licence.

Share:

Comments

Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *