Celeb pictures lure users

By Staff Writer, ITWeb
Johannesburg, 08 Aug 2007

It is not quite the oldest trick in the book, but people are easily tricked into loading malware onto their computers through access to celebrity pictures, says Panda.

"This is a typical social engineering technique. Users are persuaded to open an enticing file containing malware or to click on a link pointing to an infected file, in this case with the bait of celebrities' pictures," says Jeremy Matthews, Panda Security SA CEO.

US President George W Bush is frequently used as bait by worms such as MSNDiablo.A, Nuwar.A and Wapplex.C. All are spread via e-mail or IM in messages offering users caricatures or videos of the world leader.

A lot of malware typically employs a more seductive approach, Matthews adds. The Piggy.A worm, for example, spreads in messages claiming to offer photos of celebrities such as Carmen Electra or Britney Spears, while the Haxdoor.PL backdoor Trojan claims to offer users pictures of Angelina Jolie and Nicole Kidman naked. Another worm, Mops.A, entices users with Paris Hilton and Nicole Richie.

Music is also being used in this way. TelnetOn.A is one of the most notorious "musical worms" that spreads through P2P programs. It does this by copying itself to shared folders under names such as Eminem.exe, Evanescence.exe or Linkin Park.exe. When unwary users download one of these files, instead of music they will actually be installing a copy of the worm.

It is not just celebrities who have been used by malware. Saddam Hussein and Osama Bin Laden, for example, have been used by several variants of the Bobax family in order to spread.

"Even Adolf Hitler has been used by malware creators to distribute malicious code. The malware in question, Saros.C, is a worm that has also used figures such as Bill Gates or Pamela Anderson," says Matthews.

Fictional characters also make an appearance. One of the most frequently used is Harry Potter, whose name has been used to distribute worms such as Hairy.A or Harrenix.A. Even Mario Bros and Lara Croft, from the famous video games, have recently been recruited by malicious code (RogueMario.A and Downloader.PSJ) in order to spread.

"For this reason, users should be wary about seemingly attractive items that arrive via e-mail or instant messaging, and delete these types of messages without opening files or clicking on links," advises Matthews.
