A while back we noticed that malware authors seem to have a thing for Chuck Norris. And why not: Chuck Norris kicks ass! We have been monitoring the situation carefully and have found several malware that show some sort of interest or tribute towards Mr.Norris.
We started thinking; if our automation can detect malware by looking for references to Chuck Norris, what else can we do? Then it hit us: we need to look for references to David Hasselhoff. Obvious, when you think about it!
Picture (C) F-Secure Corporation
Sure enough – there is malware that references “the Hoff”.
As an example Backdoor:W32/IndSocket.A (a7de748dc32a8edda9e81a201e2a83da8f60bd42) which is a remote administration trojan (RAT) and consists of a client and a backdoor. It allows the attacker to do certain things on a compromised computer; the typical things, such as running programs, logging keystrokes, and changing the wallpaper of user’s Windows desktop. There is a catch, though; the attacker cannot choose which wallpaper to use. When the attacker clicks the “David Hasselhoff Atach” (sic) button on the remote trojan control panel, the wallpaper changes automatically to a well known picture of the “Knight Rider” with two strategically placed puppies.
Picture (C) F-Secure Corporation
So, if you yourself did not change your wallpaper to a picture of “The Hoff”, you know what hit you. We’re sure our customers rest easily knowing our Internet Security includes “Anti-Hassle Hoff Technology(TM)”.
Random Posts
- More fake Twitter emails
It’s been over a month since we wrote about fake Twitter email messages, and if it worked once for scammers, they’ll certainly try it again. Commtouch labs is seeing large quantities of &#... - SharK2: Trojan Creation Made Easy!
This blog talks about Shark2 DIY kit and how the remote access trojans has evolved from infamous Back Orifice to the recent RATS with stealth and virtual machine detection features along with the adva... - Stuxnet Using Three Additional Zero-Day Vulnerabilities
Our continued analysis of W32.Stuxnet has revealed a total of four zero-day vulnerabilities being used by the threat. We have already discussed the .lnk file vulnerability that Stuxnet uses to spread ... - Watch Your Money Fly with Zbot Airlines
Flight includes beverages, food and a Trojan horse on the house
Full story: MalwareCity Blog... - Using RDMA during malware research
During my malware research i have encountered thousands of samples.
most research labs uses same methods during their sample analysis, they all uses emulators or any other kind of virtualization imple... - Symantec Promises Safer Surfing with Norton DNS
Symantec announced Norton Everywhere today--a new approach to security that abandons the traditional PC-centric model and takes a more holistic approach to delivering security across all Internet-enab... - Blog: No honor among thieves – even in Germany
A lot of tools and services change hands - for money in the criminal underground . For example bot-packs are offered by the creator or his business partners for a defined amount of money. The customer... - How to clear chat history on facebook
This is more just a sort of twitter post than a blog post, but since of they told me there is not an answer on the net I decide to write few lines on my blog.
I have to admit I’m a facebook fan,... - Google puts bounty on security bugs
Are you an avid vulnerability hunter who wants to earn an extra buck or two for your skills? If so, Google would like a word with you. The company has announced a new experimen... - Two Steps Away from a Free iPad
Honestly, how many times have you won free stuff by clicking on links? And no… those spam, trojan, and spyware do not count as free stuff.We recently found a scam that promises a free i...
Posted on 30 April 2011.
The above information is reprinted from and copyrighted © by F-Secure Antivirus Research Weblog.
