This month's annual Virus Bulletin Conference (VB) brought the world's foremost authorities on malware and computer viruses together to explore the state of malicious software and cybercrime, and how these threats can be mitigated. The conference, held Oct. 5 – 7 in Barcelona, featured panels such as "Automated Social Engineering," "Malicious Tools and Techniques in a Politicized, Militarized Cyberspace" and "File-Fraction Reputation Based on Digest of High Granularity."
The VB Conference also saw its share of unwanted, party-crashing guests — in digital form, at least. In a twist of cybercrime irony, malware makers used the popularity of the VB Conference to do what they do best: spread malware.
On its Malware City blog, the security firm Bitdefender (one of the VB Conference's presenters) reported that malware perpetrators sent Twitter posts claiming to have breaking news from the conference. When clicked on, the posts dropped a nasty Trojan on victims' computers. The Trojan, Bitdefender said, was hidden behind a shortened URL leading to "VB2011.exe," which downloaded a Trojan installer onto the targeted system.
Because the VB Conference was such a high-profile event, Twitter posts about conference developments went out to a large, interested audience. And hiding their nasty Trojan in a shortened URL gave the cybercriminals the advantage of making their payload appear legitimate to the casual reader.
But the URL was anything but safe. "Once launched, the installer can't be terminated and brings even more nasty files on the compromised machine by connecting to additional malware-hosting domains," Bitdefender wrote. The installer automatically opens "numerous adware, gameware and porn pages in the Internet Explorer browser," and also creates desktop shortcuts to these unwanted sites.
Bitdefender's anti-malware software detected the executable file as a threat, but the fact that cybercriminals would capitalize on the public interest in this anti-virus conference points to a larger issue. Malware authors are often one step ahead of those chasing them, and they will use any opportunity to wreak havoc on your computer for their own benefit.