Malware’s Next Target: Social Media

Malware has extended its reach to Social Media as well! Lately, a social book marking website called Reddit was its target. Somebody uploaded a story with malware on the website and promoted it to the website's front page. Consequently, people who clicked on the story had their computers infected by a Trojan.

The researcher from Symantec, David Curran, identified that Trojan, Trojan.ByteVerify, Trojan virus that utilizes the liability of the Microsoft Security Bulletin MS03-011 and facilitate a hacker to run a random code on an infected computer. If anti-virus software is run on the computer and it detects files infected by the Trojan.ByteVerify, then the users should immediately delete those files from the computer.

The Trojan.ByteVerify usually enters as an element of another malicious content. To execute other code, an invader could use the compiled Java class file, which may be present as VerifierBug.Class. For instance, an invader could make an .html file that utilizes the Trojan and a script file that will execute further events, like setting the Start Page of IE (Internet Explorer).

Though the Trojan.Byteverify is somewhat technical in actions, it's fairly simple to eliminate, that is, the files can be deleted in the safe mode rather than deleting anything from the registry etc.

David was surprised to note the significance of the websites like Reddit and Digg to infect several computers by a story. He quoted claims by E-Consultancy that a Digg's promoted story could attract 12,000 visitors towards the target page, according to news published by Securitypronews on May 30, 2007.

David speculated ways by which malware backers may benefit from the intrinsic flaws in the computer. He said that the invaders could produce a group of forged accounts and a story, which would capture the interest of the visitors at social media websites.

Further, to create an account isn't essential as there are websites, which recommend Digg click in return for a cost. Digg would presumably grab a group of recently created accounts for voting a piece of writing. Clicks made by current users, who take part in "pay for vote" plans, might not be simply observed.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 6/11/2007