Explosive_cocktail

In this post we are going to prepare a cocktail using 4 ingredients.

We’ve called it MySecuWaloader. Now you’ll find out why.

First of all, put into the cocktail shaker a BlackHat SEO attack together with a sample of rogueware and see the result:

If you search for any the following group of keywords related to the recent UK elections, you can come across malicious websites:

uk election news
uk election
british election 2010
british election results
uk general election 2010
british election 2010 since 1945
uk election results map
uk election results wiki
uk election results 2009
uk election results 2005
uk election results 2001
uk election results 1992
uk election results 1997
british election 2010 date
uk election results history
uk election polls

The results displayed can redirect you to web pages from which the fake antivirus detected as Adware/MySecurityEngine can be downloaded.

But, there are still more ingredients to add; let’s  mix a greeting card and another sample of rogueware, and this is the result:

Adware/DesktopSecurity2010, a fake antivirus that passes itself off as a greeting card and that reaches the computer in an email like the following:

Greeting_card_google_group_en

We’ve detected that Adware/DesktopSecurity2010 is using Google Groups users (created with this purpose) to be distributed.

The following are some examples of malicious usernames:

felixss
ferixs
ferzom
gorlix
gorlum
misterxyz
mraks

The name of the malicious file is also SETUP.ZIP.

Let’s go on with more ingredients: mix an iTunes gift and a Banker Trojan and we’ll obtain a delicious Sinowal.XAL, designed to steal banking information.

It reaches the computer in an attached file which seems to contain a $50 gift to spend in your iTunes account:

itunes_mail_en

And the last ingredient of this cocktail is a curriculum vitae and a Trojan, mix it and you’ll obtain a Downloader.XPP.

It reaches the computer in a message like the following and once installed in the computer, it starts downloading other samples of malware:

CV_mail_en

If we shake this cocktail shaker with all these ingredients inside, it will probably explode, so I won’t do it just in case 😉