Computer Security Research - McAfee Labs Blog

(Photos are taken from the slideshow attached to the Trojan)

With all the press coverage the Beijing’s Olympics is currently receiving, it doesn’t surprise us that malware authors are using it as a way of spreading their parasites. Today around the time of the opening ceremony we received a sample in the Aylesbury research lab, which proclaimed to be a set of images which showed the amazing architectural feats of the venues.

While viewing the slideshow your machine would be infected by a classic BackDoor-CKB. The original dropper [executable] which tried to imitate a PowerPoint presentation icon, copies 81.dll and wuauct.exe and launches a PowerPoint slideshow to disguise its background activity. The server which the backdoor communicates with appears to be located in the city of Henan (in the region of Shanxi, China).

We want to reiterate to all our readers to be vigilant and cautious while checking emails that attempt to attract attention to high-profile events. If you do receive any suspicious emails, please find details on how to submit a sample here. We wish all your countries the best of luck in the competition

This entry was posted on Friday, August 8th, 2008 at 06:42 and is filed under Malware Research. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Olympics 2008 - The Malware Events are underway - Harry Waldron - My IT Forums Blog Says:
August 11th, 2008 at 04:59

[...] will not earn any medals from these malicious acts. A parallel Olympics for malware started todayhttp://www.avertlabs.com/research/blog/index.php/2008/08/08/a-parellel-olympics-for-malware-started-… QUOTE: With all the press coverage the Beijing’s Olympics is currently receiving, it doesn’t [...]

Olympics 2008 - The Malware Events are underway - Harry Waldron - Microsoft MVP Blog Says:
August 11th, 2008 at 05:00

Sue Hermesdorf Says:
August 11th, 2008 at 07:31

Just got a call from my brother about his computer crashing because of this exact thing described here. He is an astrophysicist & a computer guru & is VERY cautious about clicking on emails, but had been tracking the Olympics & this one just caught him totally off guard. He said it is the WORST crash he has ever experienced. After he called me I started researching to see if I could find anything about CNN or the Olympics in connection with email viruses and that is how I found this information. Thanks – but wish we had been sent emails about it warning us.

Prepare for Corporate Layoffs » Blog Archive » Olympics 2008 - The Malware Events are underway Says:
September 2nd, 2008 at 09:52

[...] A parallel Olympics for malware started todayhttp://www.avertlabs.com/research/blog/index.php/2008/08/08/a-parellel-olympics-for-malware-started-… [...]

A parallel Olympics for malware started today

4 Responses to “A parallel Olympics for malware started today”

Leave a Reply

Archives

Categories