20 January 2011

Very sneaky malware technique

I was going through some log and infection notices and spotted this one.

From a machine that had an attempted infection of W32/Chir-B I got the following interesting scenario. This, according to all documentation, is not a known technique, but one that could arise given the variables in play.
I just recreated a simple example to show the sneakiness of this social engineering method.

For the average user, this would very easily lead to a double click.

What appears to be a folder with the default "New Folder" name. "Maybe I should check it out and see what's in it."

Strangely, double clicking it does not open a folder. "Oh well, maybe it was nothing."

If you follow the shortcut, it actually points to a file called "New Folder.exe". Because Windows hides extensions for known file types by default, that executable shows up as "New Folder", so the shortcut looks like a link to a folder with a "funny icon" rather than a link to a program.

Even if the user has turned extension hiding off, the shortcut will still easily fool them into double clicking it: Windows never displays the .lnk extension of a shortcut (the lnkfile type is registered with NeverShowExt), so the entry still reads simply "New Folder", and the target it points at is only visible in the shortcut's properties.

Sneaky indeed.
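To make the trick concrete, here is an added PowerShell example (my own code, not from the original post or from W32/Chir-B) that first rebuilds a harmless version of the bait and then runs a check that flags shortcuts dressed up as folders. It assumes a scratch directory under %TEMP%, notepad.exe standing in for "New Folder.exe", and shell32.dll icon index 3 as the stock folder icon; the detection heuristics (executable target plus a folder-like display name or a borrowed shell32 icon) are my own, not something the worm's documentation describes.

```powershell
# Added example, not part of the original post. Run on Windows in PowerShell.
# Assumptions: $env:TEMP\lnkdemo is free to use, notepad.exe stands in for the
# malicious "New Folder.exe", and shell32.dll,3 is the standard folder icon.

$wsh = New-Object -ComObject WScript.Shell
$dir = Join-Path $env:TEMP 'lnkdemo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# 1. Recreate the bait. The file is "New Folder.lnk", but Explorer never shows
#    the .lnk extension, so the user sees only "New Folder" with a folder icon.
$bait = $wsh.CreateShortcut((Join-Path $dir 'New Folder.lnk'))
$bait.TargetPath   = "$env:SystemRoot\System32\notepad.exe"    # stand-in for "New Folder.exe"
$bait.IconLocation = "$env:SystemRoot\System32\shell32.dll,3"  # assumption: index 3 = folder icon
$bait.Save()

# 2. Is this machine hiding known extensions? 1 = hide (the default), 0 = show.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideExt = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
"HideFileExt = $hideExt (1 means a file named 'New Folder.exe' is listed as 'New Folder')"

# 3. Detection: walk a tree and report shortcuts that point at an executable
#    while looking like a folder. Returns one object per suspicious shortcut.
function Find-FolderLookalikeShortcut {
    param([Parameter(Mandatory)][string]$Path)

    $shell   = New-Object -ComObject WScript.Shell
    $execExt = '\.(exe|scr|com|pif|bat|cmd|vbs|js)$'

    Get-ChildItem -Path $Path -Filter *.lnk -Recurse -File | ForEach-Object {
        # CreateShortcut on an existing .lnk loads it rather than creating a new one
        $sc = $shell.CreateShortcut($_.FullName)
        $reasons = @()

        if ($sc.IconLocation -match 'shell32\.dll') {
            $reasons += "icon borrowed from shell32.dll ($($sc.IconLocation))"
        }
        # BaseName drops ".lnk"; a display name with no dot at all reads like a folder
        if ($_.BaseName -notmatch '\.') {
            $reasons += "display name '$($_.BaseName)' has no extension, like a folder"
        }

        # Only an executable target turns a cosmetic oddity into something worth a look
        if ($sc.TargetPath -match $execExt -and $reasons.Count -gt 0) {
            [pscustomobject]@{
                Shortcut = $_.FullName
                Target   = $sc.TargetPath
                Icon     = $sc.IconLocation
                Reasons  = $reasons -join '; '
            }
        }
    }
}

# The demo shortcut above trips both cues and is reported.
Find-FolderLookalikeShortcut -Path $dir | Format-List

# Tidy up the scratch directory.
Remove-Item -Path $dir -Recurse -Force
```

The check reads the same properties a user would only see by opening the shortcut's Properties dialog (target and icon source), which is exactly what the bait relies on nobody doing. Pointing it at user profile folders, removable drives or shared folders is a cheap way to surface shortcuts that claim to be folders but launch a program; expect some benign hits (installers and portable apps sometimes create similar links), so treat the output as a triage list rather than a verdict.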

